def setup_view(self, login_id, key):
# this probably should never happen, but doesn't hurt to check
if not key or not login_id:
self.abort()
user = orm_User.get_by(login_id=login_id)
if not user or user.inactive:
self.abort()
if key != user.pass_reset_key:
self.abort()
expires_on = user.pass_reset_ts + datetime.timedelta(
hours=settings.components.auth.password_rest_expires_after
)
if datetime.datetime.utcnow() > expires_on:
self.abort('password reset link expired')
self.user = user
self.form = NewPasswordForm()
def test_user_get_by_login():
u = create_user_with_permissions()
obj = User.get_by(login_id=u.login_id)
assert u.id == obj.id
