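def test_get_email_token(self):
    """Round-trip an email address through a signed token and check expiry.

    Covers three things: the token starts with the expected encoded
    payload, the token decodes back to the original address, and decoding
    with ``max_age=1`` is rejected once the token is older than that.
    """
    # NOTE(review): this address looks masked by the page it was copied
    # from; the prefix pinned below does not encode this literal, so the
    # original fixture address is needed for the assertion to pass.
    email = '*****@*****.**'
    salt = 'salt'
    secret = 'secret'
    token = utils.get_email_token(email, salt, secret)
    # The leading characters are the base64-encoded payload, not ciphertext:
    # the token is signed, so anyone holding it can read the address.
    self.assertEqual('ImFAYS5jb20i', token[0:12])
    decoded = utils.get_email_from_token(token, salt, secret)
    self.assertEqual(email, decoded)

    # Let the token age past the 1-second limit used below.
    time.sleep(2)

    with self.assertRaises(Exception) as context:
        utils.get_email_from_token(token, salt, secret, max_age=1)

    # Compare against the message text rather than the exception object,
    # and do not pin the exact age: depending on where the sleep falls
    # relative to a second boundary the reported age can be 2 or 3.
    message = str(context.exception)
    self.assertTrue(message.startswith('Signature age '))
    self.assertTrue(message.endswith(' > 1 seconds'))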
Beispiel #2
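    def test_get_email_token(self):
        """Round-trip an email address through a signed token and check expiry.

        Covers three things: the token starts with the expected encoded
        payload, the token decodes back to the original address, and
        decoding with ``max_age=1`` is rejected once the token is older
        than that.
        """
        # NOTE(review): this address looks masked by the page it was copied
        # from; the prefix pinned below does not encode this literal, so the
        # original fixture address is needed for the assertion to pass.
        email = '*****@*****.**'
        salt = 'salt'
        secret = 'secret'
        token = utils.get_email_token(email, salt, secret)
        # The leading characters are the base64-encoded payload, not
        # ciphertext: the token is signed, so its holder can read the address.
        self.assertEqual('ImFAYS5jb20i', token[0:12])
        decoded = utils.get_email_from_token(token, salt, secret)
        self.assertEqual(email, decoded)

        # Let the token age past the 1-second limit used below.
        time.sleep(2)

        with self.assertRaises(Exception) as context:
            utils.get_email_from_token(token,
                                       salt,
                                       secret,
                                       max_age=1)

        # Compare against the message text rather than the exception object,
        # and do not pin the exact age: depending on where the sleep falls
        # relative to a second boundary the reported age can be 2 or 3.
        message = str(context.exception)
        self.assertTrue(message.startswith('Signature age '))
        self.assertTrue(message.endswith(' > 1 seconds'))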
Beispiel #3
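def api_verify_email():
    """
    Confirm a user's email address from a signed verification token.

    The token is read from the ``tok`` form field on POST and from the
    ``tok`` query parameter otherwise. When it decodes to the address of an
    existing user, that user's ``email_confirmed_at`` is set and the change
    is recorded through ``LogEntity.account_modified``.

    @TODO: add counter/log to track failed attempts

    :rtype: Response
    :return: the success or failure result in JSON format
    """
    if 'POST' == request.method:
        token = utils.clean_str(request.form.get('tok'))
    else:
        token = utils.clean_str(request.args.get('tok'))

    if not token:
        return utils.jsonify_error({'message': 'No token specified.'})

    # NOTE(review): SECRET_KEY is passed as both the salt and the secret, so
    # the salt adds no separation between token purposes. No max_age is
    # passed either; unless the helper has a default, verification links
    # never expire. Confirm both against utils.get_email_from_token.
    try:
        email = utils.get_email_from_token(token,
                                           app.config["SECRET_KEY"],
                                           app.config["SECRET_KEY"])
    except Exception as exc:
        # @TODO: add dedicated log type
        # Keep the failure detail in the server log only. The client gets a
        # fixed message, so signature internals are not disclosed, and the
        # handler no longer depends on the Python-2-only `exc.message`.
        app.logger.error("api_verify_email: %s", exc)
        return utils.jsonify_error({'message': 'Invalid or expired token.'})

    app.logger.debug("Decoded email from token: %s", email)
    user = UserEntity.query.filter_by(email=email).first()

    if user is None:
        # The token carried a valid signature, so it is a usable credential:
        # log the decoded address, never the token itself.
        app.logger.error(
            "Attempt to verify email for unknown address: %s", email)
        return utils.jsonify_error({'message': 'Sorry.'})

    user = UserEntity.update(user, email_confirmed_at=datetime.today())
    app.logger.debug("Verified email for user %s", user.email)

    # @TODO: add dedicated log type
    # NOTE(review): session['uuid'] raises KeyError when the request has no
    # such session key, and that would happen after the update above.
    # Confirm this route is only reachable with an established session.
    LogEntity.account_modified(session['uuid'],
                               "Verified email for user {}".format(
                                   user.email))
    return utils.jsonify_success(
        {"message": "Email was verified for {}.".format(email)})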
Beispiel #4
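def api_verify_email():
    """
    Confirm a user's email address from a signed verification token.

    The token is read from the ``tok`` form field on POST and from the
    ``tok`` query parameter otherwise. When it decodes to the address of an
    existing user, that user's ``email_confirmed_at`` is set and the change
    is recorded through ``LogEntity.account_modified``.

    @TODO: add counter/log to track failed attempts

    :rtype: Response
    :return: the success or failure result in JSON format
    """
    if 'POST' == request.method:
        token = utils.clean_str(request.form.get('tok'))
    else:
        token = utils.clean_str(request.args.get('tok'))

    if not token:
        return utils.jsonify_error({'message': 'No token specified.'})

    # NOTE(review): SECRET_KEY is passed as both the salt and the secret, so
    # the salt adds no separation between token purposes. No max_age is
    # passed either; unless the helper has a default, verification links
    # never expire. Confirm both against utils.get_email_from_token.
    try:
        email = utils.get_email_from_token(token,
                                           app.config["SECRET_KEY"],
                                           app.config["SECRET_KEY"])
    except Exception as exc:
        # @TODO: add dedicated log type
        # Keep the failure detail in the server log only. The client gets a
        # fixed message, so signature internals are not disclosed, and the
        # handler no longer depends on the Python-2-only `exc.message`.
        app.logger.error("api_verify_email: %s", exc)
        return utils.jsonify_error({'message': 'Invalid or expired token.'})

    app.logger.debug("Decoded email from token: %s", email)
    user = UserEntity.query.filter_by(email=email).first()

    if user is None:
        # The token carried a valid signature, so it is a usable credential:
        # log the decoded address, never the token itself.
        app.logger.error(
            "Attempt to verify email for unknown address: %s", email)
        return utils.jsonify_error({'message': 'Sorry.'})

    user = UserEntity.update(user, email_confirmed_at=datetime.today())
    app.logger.debug("Verified email for user %s", user.email)

    # @TODO: add dedicated log type
    # NOTE(review): session['uuid'] raises KeyError when the request has no
    # such session key, and that would happen after the update above.
    # Confirm this route is only reachable with an established session.
    LogEntity.account_modified(session['uuid'],
                               "Verified email for user {}".format(
                                   user.email))
    return utils.jsonify_success(
        {"message": "Email was verified for {}.".format(email)})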