Password edit
=============

Log in as manager:

    >>> manager = browsers.manager
    >>> manager.open('http://localhost')
    >>> manager.query.link('Log in').click()
    >>> manager.query.name('username').type('manager')
    >>> manager.query.name('password').type('schooltool')
    >>> manager.query.button('Log in').click()

A school year is necessary for managing people:

    >>> manager.query.link('School').click()
    >>> manager.query.link('School Year').click()
    >>> manager.query.name('form.widgets.title').type('2011')
    >>> manager.query.name('form.widgets.first').ui.enter_date('2011-01-01')
    >>> manager.query.name('form.widgets.last').ui.enter_date('2011-12-31')
    >>> manager.query.button('Submit').click()

Set up people:

    >>> manager.ui.person.add('Tom', 'Hoffman', 'tom', 'tom')
    >>> manager.ui.person.add('Camila', 'Cerna', 'camila', 'camila')

Log in as tom:

    >>> tom = browsers.tom
    >>> tom.open('http://localhost')
    >>> tom.query.link('Log in').click()
    >>> tom.query.name('username').type('tom')
    >>> tom.query.name('password').type('tom')
    >>> tom.query.button('Log in').click()

Users can change their passwords based on a security setting, which by
default is enabled:

    >>> manager.query.link('Server').click()
    >>> manager.query.link('Security').click()
    >>> manager.query.xpath('//a[@title="Edit the access rights"]').click()
    >>> css_selector = 'input[id$=".persons_can_change_their_passwords"]'
    >>> manager.printHTML(manager.query_all.css(css_selector))
    <input checked="checked" class="choice_field" id="on.persons_can_change_their_passwords" name="setting.persons_can_change_their_passwords" type="radio" value="True" />
    <input class="choice_field" id="off.persons_can_change_their_passwords" name="setting.persons_can_change_their_passwords" type="radio" value="False" />

If the setting is turned off:

    >>> manager.query.id('off.persons_can_change_their_passwords').click()
    >>> manager.query.button('Apply').click()

Tom can't change his password:

    >>> tom.query.link('Home').click()
    >>> css_selector = 'div.refine div.content:nth-child(2) li a'
    >>> print tom.query_all.css(css_selector)
    <a href="#" id="...">
      Preferences
    </a>

even if he tries to access the view directly through its URL:

    >>> tom.open('http://localhost/persons/tom/password_edit.html')
    >>> tom.query.id('form-widgets-current').type('tom')
    >>> tom.query.id('form-widgets-password').type('newpass')
    >>> tom.query.id('form-widgets-verify_password').type('newpass')
    >>> tom.query.button('Apply').click()

    >>> print tom.query.css('div.summary')
    <div class="summary ui-state-error ui-corner-all">
      <span class="ui-icon ui-icon-alert">
        icon
      </span>
      You are not allowed to access this page. You can click on the
      back button in your browser to go back, or ask a more
      privileged user to log in.
    </div>

If the setting is turned on:

    >>> manager.query.xpath('//a[@title="Edit the access rights"]').click()
    >>> manager.query.id('on.persons_can_change_their_passwords').click()
    >>> manager.query.button('Apply').click()

then Tom can change his password using the UI:

    >>> tom.query.link('Home').click()

    >>> settings = tom.query_all.css('.refine .content')[1]
    >>> print settings.query.css('.header').text
    Settings

    >>> print settings.query_all.css('a').text
    Preferences
    Password

    >>> tom.query.link('Password').click()
    >>> print tom.query.css('div.page > div.header > h1').text
    Tom Hoffman
    >>> print tom.query.css('div.page > div.header > h2').text
    Password

The form shows three fields:

    >>> for label in tom.query_all.css('fieldset label span:nth-child(1)'):
    ...     print label.text
    Current password
    New password
    Verify new password

Current password is required:

    >>> tom.query.id('form-widgets-password').type('newpass')
    >>> tom.query.id('form-widgets-verify_password').type('newpass')
    >>> tom.query.button('Apply').click()

    >>> print tom.query.css('div.summary')
    <div class="summary ui-state-error ui-corner-all">
      <span class="ui-icon ui-icon-alert">
        icon
      </span>
      Please correct the marked fields below.
    </div>
    >>> css_selector = '#form-widgets-current-row div.error div.error'
    >>> print tom.query.css(css_selector).text
    Required input is missing.

and has to be the correct password:

    >>> tom.query.id('form-widgets-current').type('wrongpass')
    >>> tom.query.id('form-widgets-password').type('newpass')
    >>> tom.query.id('form-widgets-verify_password').type('newpass')
    >>> tom.query.button('Apply').click()

    >>> print tom.query.css('div.summary')
    <div class="summary ui-state-error ui-corner-all">
      <span class="ui-icon ui-icon-alert">
        icon
      </span>
      Please correct the marked fields below.
    </div>
    >>> css_selector = '#form-widgets-current-row div.error div.error'
    >>> print tom.query.css(css_selector).text
    Wrong password supplied

If the current password is supplied, but no new passwords are set,
there's a notification message:

    >>> tom.query.id('form-widgets-current').type('tom')
    >>> tom.query.button('Apply').click()

    >>> print tom.query.css('div.summary')
    <div class="summary ui-state-error ui-corner-all">
      <span class="ui-icon ui-icon-alert">
        icon
      </span>
      Please correct the marked fields below.
    </div>

New passwords have to be the same:

    >>> tom.query.id('form-widgets-current').type('tom')
    >>> tom.query.id('form-widgets-password').type('NEWPASS')
    >>> tom.query.id('form-widgets-verify_password').type('newpass')
    >>> tom.query.button('Apply').click()

    >>> print tom.query.css('div.summary')
    <div class="summary ui-state-error ui-corner-all">
      <span class="ui-icon ui-icon-alert">
        icon
      </span>
      Please correct the marked fields below.
    </div>

    >>> css_selector = '#form-widgets-password-row div.error div.error'
    >>> print tom.query.css(css_selector).text
    Supplied new passwords are not identical

If the user changes his own password successfully, he will get a
dialog telling him that he needs to authenticate again:

    >>> tom.query.id('form-widgets-current').type('tom')
    >>> tom.query.id('form-widgets-password').type('newpass')
    >>> tom.query.id('form-widgets-verify_password').type('newpass')
    >>> tom.query.button('Apply').click()

    >>> dialog = tom.query.css('.ui-dialog')
    >>> print dialog.query.css('.ui-dialog-title').text
    Password changed successfully

    >>> print dialog.query.css('.ui-dialog-content').text
    Password changed successfully

After clicking OK he's redirected to his homepage.

    >>> tom.wait_page(dialog.query.button('OK').click)

    >>> print tom.query.css('.page .header').text
    Tom Hoffman

Administrative users can modify other user's passwords:

    >>> manager.query.link('School').click()
    >>> manager.query.link('People').click()
    >>> manager.query.link('Tom').click()
    >>> manager.query.link('Password').click()

without knowing their current password:

    >>> for label in manager.query_all.css('fieldset label '
    ...                                    'span:nth-child(1)'):
    ...     print label.text
    New password
    Verify new password

    >>> manager.query.id('form-widgets-password').type('anotherpass')
    >>> manager.query.id('form-widgets-verify_password').type('anotherpass')
    >>> manager.query.button('Apply').click()

    >>> print manager.query.css('div.summary')
    <div class="summary ui-state-highlight ui-corner-all">
      <span class="ui-icon ui-icon-info">
        icon
      </span>
      Password changed successfully
    </div>

    >>> tom.query.link('Home').click()
    >>> print tom.query.css('div.summary')
    <div class="summary ui-state-error ui-corner-all">
      <span class="ui-icon ui-icon-alert">
        icon
      </span>
      You are not allowed to access this page. You can click on the
      back button in your browser to go back, or ask a more privileged
      user to log in.
    </div>

    >>> tom.query.name('username').type('tom')
    >>> tom.query.name('password').type('anotherpass')
    >>> tom.query.button('Log in').click()
    >>> print tom.query.css('div.page > div.header > h1').text
    Tom Hoffman

And non-administrative users can't edit other user's passwords:

    >>> camila = browsers.camila
    >>> camila.open('http://localhost')
    >>> camila.query.link('Log in').click()
    >>> camila.query.name('username').type('camila')
    >>> camila.query.name('password').type('camila')
    >>> camila.query.button('Log in').click()

    >>> camila.query.link('Home').click()
    >>> print camila.query.css('div.page > div.header > h1').text
    Camila Cerna

    >>> camila.open('http://localhost/persons/tom/password_edit.html')
    >>> print camila.query.css('div.summary')
    <div class="summary ui-state-error ui-corner-all">
      <span class="ui-icon ui-icon-alert">
        icon
      </span>
      You are not allowed to access this page. You can click on the
      back button in your browser to go back, or ask a more privileged
      user to log in.
    </div>
