Example #1
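 def _recover_password(self, address):
     """Email a recovery token for the user.

     The handler finishes with a 200 response whether or not ``address``
     is known, so the response does not disclose who has an account.

     Raises:
         HTTPErrorEx: 503 with a Retry-After header when the outbound
             email throttler refuses the request.
     """
     _log.info("Recover password for %s", address)
     # The throttler is consulted before the address is looked up, so a
     # 503 carries no information about whether the address exists.
     if not _email_throttler.is_allowed():
         _log.warning("Throttling to avoid being blacklisted")
         # Headers are a name -> value mapping. The earlier
         # {"Retry-After", value} literal built a set, not a dict.
         raise HTTPErrorEx(
             httplib.SERVICE_UNAVAILABLE,
             "Request throttled",
             headers={"Retry-After": str(_email_throttler.interval_sec)})
     db_sess = self.db_session()
     try:
         token = users.get_token(db_sess, address)
     except ValueError:
         # To avoid revealing who subscribes to our service to
         # third parties, this must behave identically to the case
         # where the email is recognised.
         # NOTE(review): the recognised path also sends mail before
         # responding; if that call blocks on SMTP the response time may
         # still differ between the two cases - confirm.
         db_sess.rollback()
         _log.info("Silently ignoring unrecognised email")
     else:
         db_sess.commit()
         user = users.get_details(db_sess, address)
         # NOTE(review): the link base is assembled from the request's
         # protocol and Host values, which are supplied by the client.
         # The emailed link carries the recovery token, so the base
         # should come from trusted configuration (or the Host should be
         # checked against an allow-list) rather than from the request.
         urlbase = self.request.protocol + "://" + self.request.host + \
             settings.EMAIL_RECOVERY_PATH
         mail.send_recovery_message(urlbase, user["email"],
                                    user["full_name"], token)
     self.send_success(httplib.OK)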
Example #2
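    def test_mainline(self, smtp):
        """Check the SMTP conversation and the link in a recovery mail.

        ``smtp`` stands in for the SMTP client constructor; it is
        presumably injected by a patch decorator outside this excerpt.
        """
        # NOTE(review): the address literals appear masked on this page;
        # the expected link below encodes bob@example.com.
        address = "*****@*****.**"
        full_name = "Robert Your Uncle"
        # The "&" in the token checks that the link percent-encodes
        # query values, so a token cannot inject an extra parameter.
        token = "deadbeef01&2"
        server = MagicMock()
        smtp.return_value = server
        self._message = None

        def dosave(x, y, z):
            # Capture the message body passed to sendmail for inspection.
            self._message = z
        server.sendmail.side_effect = dosave

        urlbase = "https://www.example.com/forgotpassword?"
        mail.send_recovery_message(urlbase, address, full_name, token)

        smtp.assert_called_once_with(host = "smtp.example.com",
                                     port = 25,
                                     timeout = 10)
        server.starttls.assert_called_once_with()
        server.login.assert_called_once_with("anonymous", "password")
        # Credentials must only be sent once TLS has been negotiated, so
        # pin the order of the two calls as well as their presence.
        call_names = [c[0] for c in server.method_calls]
        self.assertLess(call_names.index("starttls"),
                        call_names.index("login"))
        server.sendmail.assert_called_once_with("*****@*****.**", "*****@*****.**", ANY)
        server.quit.assert_called_once_with()
        self.assertIn("please click on the link", self._message)
        # NOTE(review): the next two assertions are identical as shown;
        # presumably one targeted a second rendering of the link - confirm.
        self.assertIn("https://www.example.com/forgotpassword?email=bob%40example.com&token=deadbeef01%262", self._message)
        self.assertIn("https://www.example.com/forgotpassword?email=bob%40example.com&token=deadbeef01%262", self._message)
        self.assertTrue(self._message.startswith("From: "), msg=">>" + self._message + "<<")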
Example #3
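 def _recover_password(self, address):
     """Email a recovery token for the user.

     The handler finishes with a 200 response whether or not ``address``
     is known, so the response does not disclose who has an account.

     Raises:
         HTTPErrorEx: 503 with a Retry-After header when the outbound
             email throttler refuses the request.
     """
     _log.info("Recover password for %s", address)
     if not _email_throttler.is_allowed():
         _log.warning("Throttling to avoid being blacklisted")
         # Headers are a name -> value mapping. The earlier
         # {"Retry-After", value} literal built a set, not a dict.
         raise HTTPErrorEx(
             httplib.SERVICE_UNAVAILABLE,
             "Request throttled",
             headers={"Retry-After": str(_email_throttler.interval_sec)})
     db_sess = self.db_session()
     try:
         # Only the lookup sits in the try, so a ValueError raised while
         # committing is not mistaken for an unknown address.
         token = users.get_token(db_sess, address)
     except ValueError:
         # To avoid revealing who subscribes to our service to
         # third parties, this must behave identically to the case
         # where the email is recognised.
         # Discard whatever the failed lookup left pending on the session.
         db_sess.rollback()
         _log.info("Silently ignoring unrecognised email")
     else:
         db_sess.commit()
         user = users.get_details(db_sess, address)
         # NOTE(review): the link base is assembled from the request's
         # protocol and Host values, which are supplied by the client.
         # The emailed link carries the recovery token, so the base
         # should come from trusted configuration (or the Host should be
         # checked against an allow-list) rather than from the request.
         urlbase = self.request.protocol + "://" + self.request.host + \
             settings.EMAIL_RECOVERY_PATH
         mail.send_recovery_message(urlbase, user["email"],
                                    user["full_name"], token)
     self.send_success(httplib.OK)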