 def POST(self):
     """Handle a password-recovery request for the e-mail posted in the form.

     Looks up an active user for the submitted address, refuses the request
     when the user is unknown/inactive or when a password token already exists
     for that address, otherwise creates a fresh PasswordToken, adds it to the
     ORM session and schedules the notification e-mail through an HTTP hook.

     Returns:
         A unicode confirmation message naming the submitted e-mail.

     Raises:
         http.Forbidden: for an unknown or inactive user, or when a token for
             this e-mail already exists (the message carries its creation time).
     """
     email = web.input(email=None).email

     # NOTE(review): a 403 for unknown/inactive accounts versus a 200 for known
     # ones lets a caller learn which addresses are registered (account
     # enumeration). The existing tests assert these responses, so behaviour
     # is kept here; a uniform reply would close that gap.
     user = User.get_user(email)
     if user is None or not user.active:
         raise http.Forbidden("Utilisateur inconnu")

     # One outstanding token per address: a repeat request is refused and the
     # reply tells the user when the earlier one was made.
     pending = PasswordToken.get_password_token(email)
     if pending is not None:
         local_dt = dates.change_timezone(pending.creation_dt)
         when = formatting.format_date(local_dt, "%d/%m/%y %H:%M")
         raise http.Forbidden(u"Demande similaire déjà effectuée le %s" % when)

     # validity=2 — described by the original comment as two days; the unit is
     # defined by PasswordToken. The 16-character token value must come from a
     # CSPRNG — confirm generate_random_token does not rely on `random`.
     new_token = PasswordToken(validity=2, user=user, token=PasswordToken.generate_random_token(16))
     # No commit here; presumably the request-scoped session commits — confirm.
     config.orm.add(new_token)

     # The e-mail is sent by a post-request hook rather than inline.
     http.register_hook(lambda: notify_via_email(new_token, Events.NEW))

     return u"Instructions en cours d'envoi à %s" % email
    def POST(self):
        """Start the password-recovery flow for the e-mail given in the request.

        The address must belong to an active user and must not already have an
        outstanding password token; when both hold, a new PasswordToken is
        created, added to the ORM session, and a notification e-mail is queued
        via an HTTP hook.

        Returns:
            A unicode message confirming that instructions are being sent.

        Raises:
            http.Forbidden: unknown/inactive user, or a token already exists
                for this address (the message includes its creation time).
        """
        email = web.input(email=None).email
        user = User.get_user(email)

        # NOTE(review): unknown/inactive addresses get a 403 while known ones
        # get a 200, so the endpoint reveals which e-mails are registered
        # (account enumeration). Kept as-is because the tests assert it.
        if user is None or not user.active:
            raise http.Forbidden("Utilisateur inconnu")

        outstanding = PasswordToken.get_password_token(email)
        if outstanding is not None:
            # Refuse a second request while one is pending; show when the
            # first was made, in the local timezone.
            created_local = dates.change_timezone(outstanding.creation_dt)
            created_text = formatting.format_date(created_local,
                                                  "%d/%m/%y %H:%M")
            message = u"Demande similaire déjà effectuée le %s" % created_text
            raise http.Forbidden(message)

        # validity=2: the original comment calls this two days; the unit is
        # PasswordToken's. The token value must be generated by a CSPRNG —
        # verify generate_random_token (not visible here) does so.
        fresh_token = PasswordToken(
            validity=2,
            user=user,
            token=PasswordToken.generate_random_token(16))
        # Added to the session only; the commit presumably happens in the
        # request lifecycle — confirm.
        config.orm.add(fresh_token)

        # Notification goes out from a post-request hook.
        http.register_hook(
            lambda: notify_via_email(fresh_token, Events.NEW))

        return u"Instructions en cours d'envoi à %s" % email
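    def test_recover_password(self):
        """POST /recover/password creates one new token, then refuses a repeat.

        First request: 200, the reply names the address, and exactly one token
        not present before the request now exists, bound to the user and not
        expired. Second request for the same address: 403 with the
        "Demande similaire" message.

        The token snapshot is taken before the ``try`` and the cleanup uses
        ``.all()``: in the original, a failure before the token was created
        raised NameError / a no-result error from ``finally`` and masked the
        real assertion error.
        """
        # Snapshot before the try so the cleanup can always reference it.
        old_tokens = [password_token.token for password_token in PasswordToken.all()]
        self.assertEqual(len(old_tokens), 2)

        try:
            response = app.request("/recover/password", method="POST", data={"email": UserData.franck_p.email}) #@UndefinedVariable
            self.assertEqual(response.status, HTTP_OK)
            self.assertIn(UserData.franck_p.email, response.data)

            new_password_token = config.orm.query(PasswordToken).filter(~PasswordToken.token.in_(old_tokens)).one() #@UndefinedVariable
            self.assertEqual(new_password_token.user, UserData.franck_p)
            self.assertFalse(new_password_token.expired)

            # A second request while a token is outstanding is refused.
            response = app.request("/recover/password", method="POST", data={"email": UserData.franck_p.email}) #@UndefinedVariable
            self.assertEqual(response.status, HTTP_FORBIDDEN)
            self.assertIn("Demande similaire", response.data)

        finally:
            # TODO: should be done by the fixture
            # Delete whatever the request created (possibly nothing), without
            # raising and hiding the error that brought us here.
            created = config.orm.query(PasswordToken).filter(~PasswordToken.token.in_(old_tokens)).all() #@UndefinedVariable
            for password_token in created:
                config.orm.delete(password_token)
            config.orm.commit()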
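    def test_all(self):
        """PasswordToken.all() returns the two fixture tokens as PasswordToken instances."""
        all_password_tokens = PasswordToken.all()
        self.assertEqual(len(all_password_tokens), 2)
        # A plain loop: the assertions are side effects, and the original's
        # list comprehension built a throw-away list just to run them.
        for token in all_password_tokens:
            self.assertIsInstance(token, PasswordToken)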
 def GET(self):
     """Serve the new-password form for a valid, unexpired reset token.

     Reads ``token`` from the request, resolves it with
     ``PasswordToken.get_token`` and, when it exists and is not expired,
     renders the password form bound to the token's user.

     Returns:
         The rendered layout wrapping the creation form.

     Raises:
         http.Forbidden: the token is unknown or expired (no detail is given
             about which, which is the right choice for a reset link).
     """
     token = web.input(token=None).token
     password_token = PasswordToken.get_token(token)

     unusable = password_token is None or password_token.expired
     if unusable:
         raise http.Forbidden()

     # NOTE(review): the token arrives in the query string, so it is exposed
     # to server/proxy logs and Referer headers of any resource on this page;
     # a short validity window and single use (see the POST handler) limit
     # that exposure.
     owner = password_token.user
     fieldset = user_forms.NewPasswordFieldSet().bind(owner)
     form = config.views.creation_form(fieldset)
     return config.views.layout(form)
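    def test_get_token(self):
        """get_token() is None for missing/unknown values and returns matching fixtures otherwise.

        ``assertEquals`` is replaced by ``assertEqual``: the former is a
        deprecated alias that Python 3.12 removes.
        """
        # The equality checks compare a PasswordToken with a PasswordTokenData
        # fixture; per the original comment, __eq__ compares fields without
        # caring about the operands' types (it named Tournament.__eq__,
        # presumably a copy-paste for PasswordToken.__eq__ — verify).
        for missing in (None, "", "invalid_token", "znc9TNqpajeN2nEH", "xjRp67wh3HdjEI6I"):
            self.assertIsNone(PasswordToken.get_token(missing))

        # The fixture named "expired" is still returned by get_token: expiry
        # is the caller's check (the handlers test .expired after lookup).
        self.assertEqual(PasswordToken.get_token("goB9Z7fhsUrjXHDi"), PasswordTokenData.password_token_expired)
        self.assertEqual(PasswordToken.get_token("xYCPayfPCPEPCPaL"), PasswordTokenData.password_token_active)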
    def GET(self):
        """Render the new-password form for the reset token in the request.

        The token is looked up with ``PasswordToken.get_token``; a missing or
        expired token yields a bare 403, otherwise the form is bound to the
        token's user and returned inside the site layout.

        Returns:
            The rendered layout containing the creation form.

        Raises:
            http.Forbidden: unknown or expired token (deliberately without
                saying which).
        """
        token = web.input(token=None).token
        password_token = PasswordToken.get_token(token)

        if password_token is None or password_token.expired:
            raise http.Forbidden()

        # NOTE(review): a reset token carried as a GET parameter can be
        # recorded in access logs and leak through Referer headers; the
        # short validity and single-use expiry elsewhere in this flow are
        # what bound that risk.
        account = password_token.user
        fieldset = user_forms.NewPasswordFieldSet().bind(account)
        body = config.views.creation_form(fieldset)
        return config.views.layout(body)
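    def test_get_token(self):
        """Unknown, empty or None lookups give None; fixture tokens resolve to their data.

        Uses ``assertEqual`` rather than the deprecated ``assertEquals``
        alias (removed in Python 3.12).
        """
        # A PasswordToken is compared against a PasswordTokenData fixture: the
        # original comment says __eq__ compares fields regardless of operand
        # type (it referred to Tournament.__eq__, presumably meaning
        # PasswordToken.__eq__ — verify).
        for missing in (None, "", "invalid_token", "znc9TNqpajeN2nEH", "xjRp67wh3HdjEI6I"):
            self.assertIsNone(PasswordToken.get_token(missing))

        # An expired fixture token is still returned; callers check .expired.
        self.assertEqual(PasswordToken.get_token("goB9Z7fhsUrjXHDi"),
                         PasswordTokenData.password_token_expired)
        self.assertEqual(PasswordToken.get_token("xYCPayfPCPEPCPaL"),
                         PasswordTokenData.password_token_active)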
    def POST(self):
        """Validate the submitted new password for a reset token and store it.

        The token must resolve to an unexpired PasswordToken. The fieldset is
        built with the token (per the original comment, so the token can be
        expired on successful use) and bound to the token's user plus the
        posted form data. On validation success the model is synced, the user
        login is scheduled in a post-request hook and the client is redirected
        to "/"; on failure the form is re-rendered with its errors.

        Returns:
            The rendered form when validation fails.

        Raises:
            http.Forbidden: unknown or expired token.
            web.seeother: redirect to "/" after a successful change.
        """
        token = web.input(token=None).token
        password_token = PasswordToken.get_token(token)

        if password_token is None or password_token.expired:
            raise http.Forbidden()

        # NOTE(review): expiring the token on use is the fieldset's job here
        # (not visible in this block) — confirm it actually happens, otherwise
        # the reset link stays replayable until the validity window ends.
        fieldset = user_forms.NewPasswordFieldSet(password_token).bind(password_token.user, data=web.input())

        if not fieldset.validate():
            return config.views.layout(config.views.creation_form(fieldset))

        fieldset.sync()
        # Login runs after the response, in a hook, to keep it separate from
        # the form handling.
        http.register_hook(lambda: session.login_workflow(fieldset.model))
        raise web.seeother("/")
    def POST(self):
        """Apply a new password submitted against a reset token.

        Resolves ``token`` from the request; unknown or expired tokens get a
        403. The password fieldset receives the token (the original comment
        says so it can be expired once used) and is bound to the token's user
        and the posted data. A valid submission is synced, a login of the
        user is queued in a post-request hook and a redirect to "/" is
        raised; an invalid one re-renders the form.

        Returns:
            The layout with the creation form when validation fails.

        Raises:
            http.Forbidden: unknown or expired token.
            web.seeother: redirect to "/" on success.
        """
        token = web.input(token=None).token
        password_token = PasswordToken.get_token(token)

        if password_token is None or password_token.expired:
            raise http.Forbidden()

        # NOTE(review): single use of the reset token depends on the fieldset
        # expiring it on sync — that code is not visible here; confirm it.
        form_data = web.input()
        fieldset = user_forms.NewPasswordFieldSet(
            password_token).bind(password_token.user, data=form_data)

        if fieldset.validate():
            fieldset.sync()
            # Deferred login: done in a hook rather than inline so the login
            # workflow stays isolated from form processing.
            http.register_hook(
                lambda: session.login_workflow(fieldset.model))
            raise web.seeother("/")

        return config.views.layout(
            config.views.creation_form(fieldset))
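    def test_all(self):
        """PasswordToken.all() yields exactly the two fixture tokens, all PasswordToken instances."""
        all_password_tokens = PasswordToken.all()
        self.assertEqual(len(all_password_tokens), 2)
        # The original ran the assertions inside a list comprehension whose
        # result was discarded; a loop states the intent directly.
        for token in all_password_tokens:
            self.assertIsInstance(token, PasswordToken)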