84 with self.repo.internal_cnx() as cnx: |
84 with self.repo.internal_cnx() as cnx: |
85 oldhash = cnx.system_sql("SELECT cw_upassword FROM cw_CWUser " |
85 oldhash = cnx.system_sql("SELECT cw_upassword FROM cw_CWUser " |
86 "WHERE cw_login = 'oldpassword'").fetchone()[0] |
86 "WHERE cw_login = 'oldpassword'").fetchone()[0] |
87 oldhash = self.repo.system_source.binary_to_str(oldhash) |
87 oldhash = self.repo.system_source.binary_to_str(oldhash) |
88 session = self.repo.new_session('oldpassword', password='oldpassword') |
88 session = self.repo.new_session('oldpassword', password='oldpassword') |
89 session.close() |
|
90 newhash = cnx.system_sql("SELECT cw_upassword FROM cw_CWUser " |
89 newhash = cnx.system_sql("SELECT cw_upassword FROM cw_CWUser " |
91 "WHERE cw_login = 'oldpassword'").fetchone()[0] |
90 "WHERE cw_login = 'oldpassword'").fetchone()[0] |
92 newhash = self.repo.system_source.binary_to_str(newhash) |
91 newhash = self.repo.system_source.binary_to_str(newhash) |
93 self.assertNotEqual(oldhash, newhash) |
92 self.assertNotEqual(oldhash, newhash) |
94 self.assertTrue(newhash.startswith(b'$6$')) |
93 self.assertTrue(newhash.startswith(b'$6$')) |
95 session = self.repo.new_session('oldpassword', password='oldpassword') |
94 session = self.repo.new_session('oldpassword', password='oldpassword') |
96 session.close() |
|
97 newnewhash = cnx.system_sql("SELECT cw_upassword FROM cw_CWUser WHERE " |
95 newnewhash = cnx.system_sql("SELECT cw_upassword FROM cw_CWUser WHERE " |
98 "cw_login = 'oldpassword'").fetchone()[0] |
96 "cw_login = 'oldpassword'").fetchone()[0] |
99 newnewhash = self.repo.system_source.binary_to_str(newnewhash) |
97 newnewhash = self.repo.system_source.binary_to_str(newnewhash) |
100 self.assertEqual(newhash, newnewhash) |
98 self.assertEqual(newhash, newnewhash) |
101 |
99 |
303 ueid = self.create_user(cnx, u'user').eid |
301 ueid = self.create_user(cnx, u'user').eid |
304 with self.new_access(u'user').repo_cnx() as cnx: |
302 with self.new_access(u'user').repo_cnx() as cnx: |
305 cnx.execute('SET X upassword %(passwd)s WHERE X eid %(x)s', |
303 cnx.execute('SET X upassword %(passwd)s WHERE X eid %(x)s', |
306 {'x': ueid, 'passwd': b'newpwd'}) |
304 {'x': ueid, 'passwd': b'newpwd'}) |
307 cnx.commit() |
305 cnx.commit() |
308 session = self.repo.new_session('user', password='newpwd') |
306 self.repo.new_session('user', password='newpwd') |
309 session.close() |
|
310 |
307 |
311 def test_user_cant_change_other_upassword(self): |
308 def test_user_cant_change_other_upassword(self): |
312 with self.admin_access.repo_cnx() as cnx: |
309 with self.admin_access.repo_cnx() as cnx: |
313 ueid = self.create_user(cnx, u'otheruser').eid |
310 ueid = self.create_user(cnx, u'otheruser').eid |
314 with self.new_access(u'iaminusersgrouponly').repo_cnx() as cnx: |
311 with self.new_access(u'iaminusersgrouponly').repo_cnx() as cnx: |