Closes #92: Ensure and test webdav digest is updated when create or update password

tracim/tracim/command/user.py

@@ -106,6 +106,7 @@ class UserCommand(AppContextCommand):
 
         try:
             user = User(email=login, password=password, **kwargs)
+            user.update_webdav_digest_auth(password)
             self._session.add(user)
             self._session.flush()
         except IntegrityError:
@@ -117,6 +118,7 @@ class UserCommand(AppContextCommand):
     def _update_password_for_login(self, login, password):
         user = self._user_api.get_one_by_email(login)
         user.password = password
+        user.update_webdav_digest_auth(password)
         self._session.flush()
         transaction.commit()
 

tracim/tracim/controllers/admin/user.py

@@ -210,6 +210,7 @@ class UserPasswordAdminRestController(TIMRestController):
             tg.redirect(next_url)
 
         user.password = new_password1
+        user.update_webdav_digest_auth(new_password1)
         pm.DBSession.flush()
 
         tg.flash(_('The password has been changed'), CST.STATUS_OK)

tracim/tracim/controllers/user.py

@@ -1,33 +1,16 @@
 # -*- coding: utf-8 -*-
-from webob.exc import HTTPForbidden
-
-from tracim import model  as pm
 
-from sprox.tablebase import TableBase
-from sprox.formbase import EditableForm, AddRecordForm
-from sprox.fillerbase import TableFiller, EditFormFiller
-from tw2 import forms as tw2f
 import tg
 from tg import tmpl_context
-from tg.i18n import ugettext as _, lazy_ugettext as l_
-
-from sprox.widgets import PropertyMultipleSelectField
-from sprox._compat import unicode_text
-
-from formencode import Schema
-from formencode.validators import FieldsMatch
+from tg.i18n import ugettext as _
+from webob.exc import HTTPForbidden
 
 from tracim.controllers import TIMRestController
-from tracim.lib import helpers as h
 from tracim.lib.user import UserApi
-from tracim.lib.group import GroupApi
-from tracim.lib.user import UserStaticApi
-from tracim.lib.userworkspace import RoleApi
 from tracim.lib.workspace import WorkspaceApi
 
-from tracim.model import DBSession
-from tracim.model.auth import Group, User
 from tracim.model.serializers import Context, CTX, DictLikeClass
+from tracim import model as pm
 
 
 class UserWorkspaceRestController(TIMRestController):
@@ -123,7 +106,7 @@ class UserPasswordRestController(TIMRestController):
             tg.redirect(redirect_url)
 
         current_user.password = new_password1
-        current_user.webdav_left_digest_response_hash = '%s:/:%s' % (current_user.email, new_password1)
+        current_user.update_webdav_digest_auth(new_password1)
         pm.DBSession.flush()
 
         tg.flash(_('Your password has been changed'))

tracim/tracim/model/auth.py

@@ -14,7 +14,6 @@ import os
 from datetime import datetime
 import time
 from hashlib import sha256
-from slugify import slugify
 from sqlalchemy.ext.hybrid import hybrid_property
 from tg.i18n import lazy_ugettext as l_
 from hashlib import md5
@@ -218,6 +217,14 @@ class User(DeclarativeBase):
                                                descriptor=property(_get_hash_digest,
                                                                     _set_hash_digest))
 
+    def update_webdav_digest_auth(self, password) -> None:
+        self.webdav_left_digest_response_hash \
+            = '{username}:/:{password}'.format(
+                username=self.email,
+                password=password,
+            )
+
+
     def validate_password(self, password):
         """
         Check the password against existing credentials.

tracim/tracim/tests/command/user.py

@@ -11,16 +11,34 @@ class TestUserCommand(TestCommand):
 
     def test_create(self):
         self._create_user('new-user@algoo.fr', 'toor')
+        # Check webdav digest exist for this user
+        user = DBSession.query(User)\
+            .filter(User.email == 'new-user@algoo.fr').one()
+        ok_(user.webdav_left_digest_response_hash)
 
     def test_update_password(self):
         self._create_user('new-user@algoo.fr', 'toor')
+
+        # Grab webdav digest
+        user = DBSession.query(User) \
+            .filter(User.email == 'new-user@algoo.fr').one()
+        webdav_digest = user.webdav_left_digest_response_hash
+
         self._execute_command(
-            CreateUserCommand,
+            UpdateUserCommand,
             'gearbox user update',
             ['-l', 'new-user@algoo.fr', '-p', 'new_password']
         )
         user = DBSession.query(User).filter(User.email == 'new-user@algoo.fr').one()
-        user.validate_password('new_password')
+        ok_(user.validate_password('new_password'))
+
+        # Grab new webdav digest to compare it
+        user = DBSession.query(User) \
+            .filter(User.email == 'new-user@algoo.fr').one()
+        ok_(
+            webdav_digest != user.webdav_left_digest_response_hash,
+            msg='Webdav digest should be different',
+        )
 
     def test_create_with_group(self):
         more_args = ['--add-to-group', 'managers', '--add-to-group', 'administrators']

tracim/tracim/tests/functional/test_admin.py

@@ -0,0 +1,88 @@
+# -*- coding: utf-8 -*-
+from collections import OrderedDict
+
+from nose.tools import eq_
+from nose.tools import ok_
+
+from tracim.model import DBSession
+from tracim.model import User
+from tracim.tests import TracimTestController
+
+
+class TestAuthentication(TracimTestController):
+    application_under_test = 'main'
+
+    def test_create_user(self):
+        self._connect_user(
+            'admin@admin.admin',
+            'admin@admin.admin',
+        )
+
+        user_count = DBSession.query(User) \
+            .filter(User.email == 'an-other-email@test.local').count()
+        eq_(0, user_count, 'User should not exist yet')
+
+        # Create a new user
+        try_post_user = self.app.post(
+            '/admin/users',
+            OrderedDict([
+                ('name', 'TEST'),
+                ('email', 'an-other-email@test.local'),
+                ('password', 'password'),
+                ('is_tracim_manager', 'off'),
+                ('is_tracim_admin', 'off'),
+                ('send_email', 'off'),
+            ])
+        )
+
+        eq_(try_post_user.status_code, 302,
+            "Code should be 302, but is %d" % try_post_user.status_code)
+
+        user = DBSession.query(User) \
+            .filter(User.email == 'an-other-email@test.local').one()
+        ok_(user, msg="User should exist now")
+        ok_(user.validate_password('password'))
+
+        # User must have webdav digest
+        ok_(user.webdav_left_digest_response_hash)
+
+    def test_update_user_password(self):
+        self._connect_user(
+            'admin@admin.admin',
+            'admin@admin.admin',
+        )
+
+        # Create a new user (tested in test_create_user)
+        self.app.post(
+            '/admin/users',
+            OrderedDict([
+                ('name', 'TEST'),
+                ('email', 'an-other-email@test.local'),
+                ('password', 'an-other-email@test.local'),
+                ('is_tracim_manager', 'off'),
+                ('is_tracim_admin', 'off'),
+                ('send_email', 'off'),
+            ])
+        )
+
+        user = DBSession.query(User) \
+            .filter(User.email == 'an-other-email@test.local').one()
+        webdav_digest = user.webdav_left_digest_response_hash
+
+        self.app.post(
+            '/admin/users/{user_id}/password?_method=PUT'.format(
+                user_id=user.user_id
+            ),
+            OrderedDict([
+                ('new_password1', 'new-password'),
+                ('new_password2', 'new-password'),
+            ])
+        )
+
+        user = DBSession.query(User) \
+            .filter(User.email == 'an-other-email@test.local').one()
+        ok_(user.validate_password('new-password'))
+        ok_(
+            webdav_digest != user.webdav_left_digest_response_hash,
+            msg='Webdav digest should be updated',
+        )

tracim/tracim/tests/functional/test_user.py

@@ -0,0 +1,46 @@
+# -*- coding: utf-8 -*-
+from collections import OrderedDict
+
+from nose.tools import eq_
+from nose.tools import ok_
+
+from tracim.model import DBSession
+from tracim.model import User
+from tracim.tests import TracimTestController
+from tracim.fixtures.users_and_groups import Test as TestFixture
+
+
+class TestAuthentication(TracimTestController):
+    application_under_test = 'main'
+    fixtures = [TestFixture]
+
+    def test_update_password(self):
+        self._connect_user(
+            'lawrence-not-real-email@fsf.local',
+            'foobarbaz',
+        )
+
+        user = DBSession.query(User) \
+            .filter(User.email == 'lawrence-not-real-email@fsf.local').one()
+        webdav_digest = user.webdav_left_digest_response_hash
+
+        try_post_user = self.app.post(
+            '/user/{user_id}/password?_method=PUT'.format(
+                user_id=user.user_id
+            ),
+            OrderedDict([
+                ('current_password', 'foobarbaz'),
+                ('new_password1', 'new-password'),
+                ('new_password2', 'new-password'),
+            ])
+        )
+        eq_(try_post_user.status_code, 302,
+            "Code should be 302, but is %d" % try_post_user.status_code)
+
+        user = DBSession.query(User) \
+            .filter(User.email == 'lawrence-not-real-email@fsf.local').one()
+        ok_(user.validate_password('new-password'))
+        ok_(
+            webdav_digest != user.webdav_left_digest_response_hash,
+            msg='Webdav digest should be updated',
+        )