Ejemplo n.º 1
 def test_resetPassword(self):
     """Happy path: a matching reset id lets the password change and is then cleared."""
     email = '*****@*****.**'
     resetId = 'test-reset-id'
     usr.addResetPasswordIdToUser(email, resetId, dynamodb)
     before = usr.getUserByEmail(email, dynamodb)
     self.assertIsNotNone(before.get('resetPasswordId', None))
     oldPassword = before.get('password', None)
     outcome = usr.updatePasswordForEmailAndResetId(email, 'newpassword',
                                                    resetId, dynamodb)
     self.assertIsNotNone(outcome)
     after = usr.getUserByEmail(email, dynamodb)
     # The test expects a consumed reset id to be removed from the record.
     self.assertIsNone(after.get('resetPasswordId', None))
     self.assertNotEqual(oldPassword, after.get('password', None))
Ejemplo n.º 2
 def test_resetUserPasswordFuncPoorData(self):
     """A reset request carrying only an email is rejected and leaves the user unchanged."""
     email = '*****@*****.**'
     usr.addResetPasswordIdToUser(email, 'test-reset-id', dynamodb)
     before = usr.getUserByEmail(email, dynamodb)
     self.assertIsNotNone(before.get('resetPasswordId', None))
     oldPassword = before.get('password', None)
     # Neither a new password nor the reset id is supplied.
     outcome = usr.resetUserPassword({'email': email}, dynamodb)
     expected = '{"errors": [{"message": "We were unable to update the password for this account.", "title": "Failed to Reset Password"}], "user": {}, "payload": {}}'
     self.assertEqual(ControllerResponse.getResponseString(outcome), expected)
     after = usr.getUserByEmail(email, dynamodb)
     # A failed attempt must keep both the pending reset id and the old password.
     self.assertIsNotNone(after.get('resetPasswordId', None))
     self.assertEqual(oldPassword, after.get('password', None))
Ejemplo n.º 3
 def test_resetUserPasswordFunc(self):
     """A reset request with email, new password and the issued reset id succeeds."""
     email = '*****@*****.**'
     usr.addResetPasswordIdToUser(email, 'test-reset-id', dynamodb)
     before = usr.getUserByEmail(email, dynamodb)
     issuedResetId = before.get('resetPasswordId', None)
     self.assertIsNotNone(issuedResetId)
     oldPassword = before.get('password', None)
     request = {
         'email': before.get('email'),
         'password': '******',
         'id': issuedResetId
     }
     outcome = usr.resetUserPassword(request, dynamodb)
     self.assertIsNotNone(outcome)
     after = usr.getUserByEmail(email, dynamodb)
     # The test expects the reset id to be cleared once it has been used.
     self.assertIsNone(after.get('resetPasswordId', None))
     self.assertNotEqual(oldPassword, after.get('password', None))
Ejemplo n.º 4
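def verifyAuthToken(token, dbInstance, appSecret=None):
    '''
    Read a signed auth token and return its payload, or None if it cannot be trusted.

    The token is deserialized with ``Serializer(appSecret)``; the payload is expected to be
    a dict holding ``'email'`` and ``'password'``. It is only accepted when the password it
    carries still matches the stored user (``isPasswordValid``), so a token issued before a
    password change stops working.

    :param token: serialized token string supplied by the client (untrusted input).
    :param dbInstance: database handle passed through to ``user_ctrl.getUserByEmail``.
    :param appSecret: signing secret for the serializer; required.
    :returns: the dict decoded from the token (not the database record) on success, else None.
    :raises ValueError: if ``appSecret`` is None.

    NOTE(review): the payload carries the user's password, so a leaked token is as
    sensitive as the credentials themselves -- confirm this is intended.
    '''
    if appSecret is None:
        raise ValueError('appSecret cannot be none')
    serializer = Serializer(appSecret)
    try:
        user = serializer.loads(token)
        email = user['email']
        password = user['password']
        userFromDB = user_ctrl.getUserByEmail(email, dbInstance)
        # An unknown user is rejected like a bad signature instead of handing
        # None to isPasswordValid.
        if userFromDB is None or not isPasswordValid(userFromDB, password):
            raise BadSignature('Token password did not match stored password')
        return user  # user from token
    except (SignatureExpired, BadSignature) as e:
        # Only the failure reason is logged; the caller just sees None.
        MentiiLogging.getLogger().warning(e)
        return None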
Ejemplo n.º 5
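def verifyPassword(emailOrToken, password, dynamoDBInstance, appSecret=None):
    '''
    Verify the user's credentials for all authenticated calls.

    Called by the ``@auth.login_required`` decorator with the values from a Basic
    Authentication HTTP header. ``emailOrToken`` is either the user's email or an auth
    token; when a valid token is passed the ``password`` argument is unused. On success
    ``g.authenticatedUser`` is set to the built user object.

    :param emailOrToken: Basic-auth username: an email address or a serialized token.
    :param password: Basic-auth password; ignored when a valid token is supplied.
    :param dynamoDBInstance: database handle passed to the user controller.
    :param appSecret: signing secret for token verification; required.
    :returns: True if the caller is authenticated, otherwise False.
    :raises ValueError: if ``appSecret`` is None.

    NOTE(review): on the token path the user object is built from the token payload, not
    the database record, and ``isUserActive`` is only checked on the password path --
    confirm a deactivated account's outstanding tokens are meant to keep working.
    '''
    if appSecret is None:
        raise ValueError('appSecret cannot be none')
    # Token first: a valid token authenticates on its own. An email will not
    # deserialize as a token, so this presumably logs a warning before the
    # password path runs -- verify against verifyAuthToken.
    user = verifyAuthToken(emailOrToken, dynamoDBInstance, appSecret)
    if user:
        g.authenticatedUser = buildUserObject(user)
        return True
    # Password path: both fields must be present (None or '' is a missing field).
    if not emailOrToken or not password:
        return False
    userFromDB = user_ctrl.getUserByEmail(
        emailOrToken, dynamoDBInstance)  # user object from db
    if userFromDB is None or not user_ctrl.isUserActive(userFromDB):
        return False
    if not isPasswordValid(userFromDB, password):
        return False
    g.authenticatedUser = buildUserObject(userFromDB)
    return True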