fixes for updating password and unit tests

Author: npalaska

lib/pbench/server/database/models/users.py

@@ -3,7 +3,6 @@
 from sqlalchemy import Column, Integer, String, DateTime, LargeBinary
 from pbench.server.database.database import Database
 from sqlalchemy.orm import relationship
-from sqlalchemy.orm import validates
 
 
 class User(Database.Base):
@@ -17,6 +16,7 @@ class User(Database.Base):
     last_name = Column(String(255), unique=False, nullable=False)
     password = Column(LargeBinary(500), nullable=False)
     registered_on = Column(DateTime, nullable=False)
+    bcrypt_log_rounds = Column(Integer, nullable=False)
     email = Column(String(255), unique=True, nullable=False)
     auth_tokens = relationship("ActiveTokens", backref="users")
 
@@ -25,6 +25,7 @@ def __init__(self, bcrypt_log_rounds, **kwargs):
         self.username = kwargs.get("username")
         self.first_name = kwargs.get("first_name")
         self.last_name = kwargs.get("last_name")
+        self.bcrypt_log_rounds = bcrypt_log_rounds
         self.password = generate_password_hash(
             kwargs.get("password"), bcrypt_log_rounds
         )
@@ -63,14 +64,6 @@ def add(self):
             Database.db_session.rollback()
             raise e
 
-    # Prevent update on "registered_on" field
-    @validates("registered_on")
-    def validates_user_registration(self, key, value):
-        if self.registered_on:  # Field already exists
-            raise ValueError("registered_on cannot be modified.")
-
-        return value
-
     def update(self, **kwargs):
         """
         Update the current user object with given keyword arguments
@@ -81,6 +74,13 @@ def update(self, **kwargs):
                     # Insert the auth token
                     self.auth_tokens.append(value)
                     Database.db_session.add(value)
+                elif key == "password":
+                    setattr(
+                        self, key, generate_password_hash(value, self.bcrypt_log_rounds)
+                    )
+                # Prevent update on "registered_on" and "bcrypt_log_rounds" fields
+                elif key in ["registered_on", "bcrypt_log_rounds"]:
+                    continue
                 else:
                     setattr(self, key, value)
             Database.db_session.commit()

lib/pbench/test/unit/server/test_user_auth.py

@@ -1,4 +1,5 @@
 import time
+import datetime
 from pbench.server.database.models.users import User
 from pbench.server.database.models.active_tokens import ActiveTokens
 from pbench.server.database.database import Database
@@ -283,17 +284,33 @@ def test_update_user(client, server_config):
             data_login = response.json
             assert data_login["status"] == "success"
             assert data_login["message"] == "Successfully logged in."
+
+            new_registration_time = datetime.datetime.now()
             response = client.put(
                 f"{server_config.rest_uri}/user/username",
-                json={"first_name": "newname"},
+                json={"registered_on": new_registration_time, "first_name": "newname"},
                 headers=dict(Authorization="Bearer " + data_login["auth_token"]),
             )
             data = response.json
             assert data["status"] == "success"
             assert data["data"] is not None
             assert data["data"]["first_name"] == "newname"
+            # registered_on is not updatable
+            assert data["data"]["registered_on"] != new_registration_time
             assert response.status_code == 200
 
+            # Test password update
+            response = client.put(
+                f"{server_config.rest_uri}/user/username",
+                json={"password": "newpass"},
+                headers=dict(Authorization="Bearer " + data_login["auth_token"]),
+            )
+            time.sleep(1)
+            response = login_user(client, server_config, "username", "newpass")
+            data_login = response.json
+            assert data_login["status"] == "success"
+            assert data_login["message"] == "Successfully logged in."
+
     @staticmethod
     def test_malformed_auth_token(client, server_config):
         """ Test for user status for malformed auth token"""