Example #1
0
 def test_get_token_again(self):
     self.mock_cursor.fetchone.return_value = "etaoinshrdlu", datetime.datetime.now(
     ) - datetime.timedelta(seconds=10)
     token = users.get_token(self.mock_session, "*****@*****.**")
     self.mock_session.execute.assert_called_once_with(
         ANY, {'email': "*****@*****.**"})
     self.assertEquals("etaoinshrdlu", token)
Example #2
0
 def _recover_password(self, address):
     """Email a recovery token for the user."""
     _log.info("Recover password for %s", address)
     if not _email_throttler.is_allowed():
         _log.warn("Throttling to avoid being blacklisted")
         raise HTTPErrorEx(
             httplib.SERVICE_UNAVAILABLE,
             "Request throttled",
             headers={"Retry-After",
                      str(_email_throttler.interval_sec)})
     db_sess = self.db_session()
     try:
         token = users.get_token(db_sess, address)
     except ValueError:
         # To avoid revealing who subscribes to our service to
         # third parties, this must behave identically to the case
         # where the email is recognised.
         db_sess.rollback()
         _log.info("Silently ignoring unrecognised email")
     else:
         db_sess.commit()
         user = users.get_details(db_sess, address)
         urlbase = self.request.protocol + "://" + self.request.host + \
             settings.EMAIL_RECOVERY_PATH
         mail.send_recovery_message(urlbase, user["email"],
                                    user["full_name"], token)
     self.send_success(httplib.OK)
Example #3
0
 def test_get_token_expired(self, get_random_bytes):
     self.mock_cursor.fetchone.return_value = "etaoinshrdlu", datetime.datetime.now() - datetime.timedelta(days=2)
     get_random_bytes.return_value = "\x01\x02\x41\x85\x01\x02\x41\x85\x01\x02\x41\x85\x01\x02\x41\x85"
     token = users.get_token(self.mock_session, "*****@*****.**")
     self.mock_session.execute.assert_has_calls([call(ANY, {'email': "*****@*****.**"}),
                                                 call(ANY, {'email': "*****@*****.**",
                                                            'token': ANY,
                                                            'created' : ANY})])
     get_random_bytes.assert_called_once_with(16)
     self.assertEquals("AQJBhQECQYUBAkGFAQJBhQ==", token)
Example #4
0
 def test_get_token_first(self, get_random_bytes):
     self.mock_cursor.fetchone.return_value = None, None
     get_random_bytes.return_value = "\x01\x02\x41\x85\x01\x02\x41\x85\x01\x02\x41\x85\x01\x02\x41\x85"
     token = users.get_token(self.mock_session, "*****@*****.**")
     self.mock_session.execute.assert_has_calls([call(ANY, {'email': "*****@*****.**"}),
                                                 call(ANY, {'email': "*****@*****.**",
                                                            'token': ANY,
                                                            'created' : ANY})])
     get_random_bytes.assert_called_once_with(16)
     self.assertEquals("AQJBhQECQYUBAkGFAQJBhQ==", token)
Example #5
0
 def test_get_token_first(self, get_random_bytes):
     self.mock_cursor.fetchone.return_value = None, None
     get_random_bytes.return_value = "\x01\x02\x41\x85\x01\x02\x41\x85\x01\x02\x41\x85\x01\x02\x41\x85"
     token = users.get_token(self.mock_session, "*****@*****.**")
     self.mock_session.execute.assert_has_calls([
         call(ANY, {'email': "*****@*****.**"}),
         call(ANY, {
             'email': "*****@*****.**",
             'token': ANY,
             'created': ANY
         })
     ])
     get_random_bytes.assert_called_once_with(16)
     self.assertEquals("AQJBhQECQYUBAkGFAQJBhQ==", token)
Example #6
0
 def test_get_token_expired(self, get_random_bytes):
     self.mock_cursor.fetchone.return_value = "etaoinshrdlu", datetime.datetime.now(
     ) - datetime.timedelta(days=2)
     get_random_bytes.return_value = "\x01\x02\x41\x85\x01\x02\x41\x85\x01\x02\x41\x85\x01\x02\x41\x85"
     token = users.get_token(self.mock_session, "*****@*****.**")
     self.mock_session.execute.assert_has_calls([
         call(ANY, {'email': "*****@*****.**"}),
         call(ANY, {
             'email': "*****@*****.**",
             'token': ANY,
             'created': ANY
         })
     ])
     get_random_bytes.assert_called_once_with(16)
     self.assertEquals("AQJBhQECQYUBAkGFAQJBhQ==", token)
Example #7
0
 def _recover_password(self, address):
     """Email a recovery token for the user."""
     _log.info("Recover password for %s", address)
     if not _email_throttler.is_allowed():
         _log.warn("Throttling to avoid being blacklisted")
         raise HTTPErrorEx(httplib.SERVICE_UNAVAILABLE, "Request throttled", headers={"Retry-After", str(_email_throttler.interval_sec)})
     db_sess = self.db_session()
     try:
         token = users.get_token(db_sess, address)
         db_sess.commit()
     except ValueError:
         # To avoid revealing who subscribes to our service to
         # third parties, this must behave identically to the case
         # where the email is recognised.
         _log.info("Silently ignoring unrecognised email")
     else:
         user = users.get_details(db_sess, address)
         urlbase = self.request.protocol + "://" + self.request.host + \
             settings.EMAIL_RECOVERY_PATH
         mail.send_recovery_message(urlbase, user["email"], user["full_name"], token)
     self.send_success(httplib.OK)
Example #8
0
 def test_get_token_again(self):
     self.mock_cursor.fetchone.return_value = "etaoinshrdlu", datetime.datetime.now() - datetime.timedelta(seconds=10)
     token = users.get_token(self.mock_session, "*****@*****.**")
     self.mock_session.execute.assert_called_once_with(ANY, {'email': "*****@*****.**"})
     self.assertEquals("etaoinshrdlu", token)