Posted to commits@allura.apache.org by br...@apache.org on 2014/06/20 17:52:19 UTC
[02/15] git commit: [#7432] ticket:598 Fix set_password for local
auth provider
[#7432] ticket:598 Fix set_password for local auth provider
Properly handle the case when the old password is provided
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/7e5737a2
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/7e5737a2
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/7e5737a2
Branch: refs/heads/master
Commit: 7e5737a28712936048c4637ca40dad1fafabc2ea
Parents: 0ffaee3
Author: Igor Bondarenko <je...@gmail.com>
Authored: Wed Jun 4 18:07:45 2014 +0300
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Fri Jun 20 15:39:17 2014 +0000
----------------------------------------------------------------------
Allura/allura/lib/plugin.py | 8 ++++++--
Allura/allura/model/auth.py | 2 +-
Allura/allura/tests/model/test_auth.py | 19 +++++++++++++++++--
3 files changed, 24 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/7e5737a2/Allura/allura/lib/plugin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index df1116c..340c27e 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -300,8 +300,12 @@ class LocalAuthenticationProvider(AuthenticationProvider):
return M.User.query.get(username=rex, disabled=False)
def set_password(self, user, old_password, new_password):
- user.password = self._encode_password(new_password)
- user.last_password_updated = datetime.utcnow()
+ if old_password is not None and not self.validate_password(user, old_password):
+ raise exc.HTTPUnauthorized()
+ else:
+ user.password = self._encode_password(new_password)
+ user.last_password_updated = datetime.utcnow()
+ session(user).flush(user)
def _encode_password(self, password, salt=None):
from allura import model as M
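Review bot: `set_password` skips the `validate_password` check whenever `old_password is None`, and the new code leaves that contract undocumented, so a caller that forwards a missing form field as `None` would change the password without verifying the current one. The `User.set_password` hunk in model/auth.py now relies on exactly this by passing `None`. I would add a docstring such as `"""Set the user's password; old_password=None skips verification and is only for callers that have already authorised the change."""` and drop the `else:` after the `raise`, since the raise already ends that branch. Callers outside this diff are not visible here, so whether any of them can pass a user-influenced `None` needs checking.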
http://git-wip-us.apache.org/repos/asf/allura/blob/7e5737a2/Allura/allura/model/auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/model/auth.py b/Allura/allura/model/auth.py
index c7b1004..932dd17 100644
--- a/Allura/allura/model/auth.py
+++ b/Allura/allura/model/auth.py
@@ -652,7 +652,7 @@ class User(MappedClass, ActivityNode, ActivityObject):
def set_password(self, new_password):
return plugin.AuthenticationProvider.get(request).set_password(
- self, self.password, new_password)
+ self, None, new_password)
@classmethod
def anonymous(cls):
http://git-wip-us.apache.org/repos/asf/allura/blob/7e5737a2/Allura/allura/tests/model/test_auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/model/test_auth.py b/Allura/allura/tests/model/test_auth.py
index 748b920..6389002 100644
--- a/Allura/allura/tests/model/test_auth.py
+++ b/Allura/allura/tests/model/test_auth.py
@@ -28,9 +28,10 @@ from nose.tools import (
assert_not_in,
assert_in,
assert_true,
+ assert_raises,
)
from pylons import tmpl_context as c, app_globals as g
-from webob import Request
+from webob import Request, exc
from mock import patch, Mock
from datetime import datetime, timedelta
@@ -62,11 +63,25 @@ class TestLocalAuthenticationProvider(object):
assert ep('test_pass') != ep('test_pass')
assert ep('test_pass', '0000') == ep('test_pass', '0000')
+ def test_set_password_with_old_password(self):
+ user = Mock()
+ user.__ming__ = Mock()
+ self.provider.validate_password = lambda u, p: False
+ assert_raises(
+ exc.HTTPUnauthorized,
+ self.provider.set_password, user, 'old', 'new')
+ assert_equal(user._encode_password.call_count, 0)
+
+ self.provider.validate_password = lambda u, p: True
+ self.provider.set_password(user, 'old', 'new')
+ user._encode_password.assert_callued_once_with('new')
+
def test_set_password_sets_last_updated(self):
user = Mock()
+ user.__ming__ = Mock()
user.last_password_updated = None
now1 = datetime.utcnow()
- self.provider.set_password(user, '', '')
+ self.provider.set_password(user, None, 'new')
now2 = datetime.utcnow()
assert_true(user.last_password_updated > now1)
assert_true(user.last_password_updated < now2)
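Review bot: The two assertions on `user._encode_password` in `test_set_password_with_old_password` cannot fail. `_encode_password` is called on the provider (`self._encode_password` in plugin.py), not on the `Mock` user, so `call_count` is always 0, and `assert_callued_once_with` is a misspelling that `Mock` accepts as an auto-created attribute. As written, the test only proves the `HTTPUnauthorized` branch and never confirms that a validated old password leads to the new one being stored. Patch the provider instead with `self.provider._encode_password = Mock()`, then check `assert_equal(self.provider._encode_password.call_count, 0)` after the rejected call and `self.provider._encode_password.assert_called_once_with('new')` after the accepted one.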