==================
Password edit form
==================

We will edit the password of a person. First, let's create the person:

  >>> from zope.testbrowser.testing import Browser
  >>> manager = Browser()
  >>> manager.addHeader('Authorization', 'Basic manager:schooltool')

  >>> from schooltool.app.browser.ftests.setup import addPerson
  >>> addPerson('john', 'john', 'barfoo')

We will set the password that user:

  >>> manager.open('http://localhost/persons/john/@@password_edit.html')
  >>> password_widget = manager.getControl(name='form.password')
  >>> password_widget.value = 'mypassword'
  >>> confirm_widget = manager.getControl(name='form.password.confirm')
  >>> confirm_widget.value = 'mypassword'
  >>> manager.getControl('Apply').click()

We will get the 'Changed password' message:

  >>> 'Changed password' in manager.contents
  True

We can now log in as that user with that password:

  >>> def canLogin(username, password):
  ...     user_browser = Browser()
  ...     user_browser.addHeader('Authorization', 'Basic %s:%s' % (username,
  ...         password))
  ...     user_browser.open('http://localhost/')
  ...     return 'Logged in as' in user_browser.contents
  >>> canLogin('john', 'mypassword')
  True

Now let's try putting in something inconsistent in confirm:

  >>> manager.open('http://localhost/persons/john/@@password_edit.html')
  >>> password_widget = manager.getControl(name='form.password')
  >>> password_widget.value = 'mypassword'
  >>> confirm_widget = manager.getControl(name='form.password.confirm')
  >>> confirm_widget.value = 'mypassword2'
  >>> manager.getControl('Apply').click()

We get a message that this didn't work:

  >>> 'Supplied passwords are not identical' in manager.contents
  True

We can still log in as usual with the original password:

  >>> canLogin('john', 'mypassword')
  True
  >>> canLogin('john', 'mypassword2')
  False

We can try putting in an empty password, too:

  >>> manager.open('http://localhost/persons/john/@@password_edit.html')
  >>> password_widget = manager.getControl(name='form.password')
  >>> password_widget.value = ''
  >>> confirm_widget = manager.getControl(name='form.password.confirm')
  >>> confirm_widget.value = ''
  >>> manager.getControl('Apply').click()

The system will not allow that, instead leaving the password unchanged:

  >>> 'unchanged' in manager.contents
  True

Since the password didn't change, we can still log in as usual with
the original password:

  >>> canLogin('john', 'mypassword')
  True
  >>> canLogin('john', '')
  False

What happens if person tries to change his password himself?

  >>> john = Browser()
  >>> john.handleErrors = False
  >>> john.addHeader('Authorization', 'Basic john:mypassword')
  >>> john.open('http://localhost/persons/john/')
  >>> john.getLink('Change Password').click()
  >>> password_widget = john.getControl(name='form.password')
  >>> password_widget.value = 'new_password'
  >>> confirm_widget = john.getControl(name='form.password.confirm')
  >>> confirm_widget.value = 'new_password'
  >>> john.getControl('Apply').click()

  >>> canLogin('john', 'new_password')
  True

Let's take away the permission:

  >>> manager.open('http://localhost/access_control.html')
  >>> manager.getControl('Users can change their own passwords').click()
  >>> manager.getControl('Apply').click()

And try changing the password again:

  >>> john = Browser()
  >>> john.handleErrors = False
  >>> john.addHeader('Authorization', 'Basic john:new_password')
  >>> john.open('http://localhost/persons/john/')
  >>> 'Change Password' not in john.contents
  True

No link here, let's try going to the view directly:

  >>> john.open('http://localhost/persons/john/@@password_edit.html')
  >>> password_widget = john.getControl(name='form.password')
  >>> password_widget.value = 'another_password'
  >>> confirm_widget = john.getControl(name='form.password.confirm')
  >>> confirm_widget.value = 'another_password'
  >>> john.getControl('Apply').click()
  Traceback (most recent call last):
  ...
  Unauthorized: (<...PersonPasswordWriter object at ...>, 'setPassword', 'schooltool.edit')
