def send_recovery_email(email):
    """Render the plain-text account-recovery e-mail and send it to *email*.

    The message embeds a token from ``Serializer.generate_token(email)`` and
    the URL read from the ``RECOVER_URL`` environment variable.

    Returns whatever ``Message.send`` returns.
    """
    # NOTE(review): the confirmation e-mail in this file builds its token with
    # the same generate_token(email) call. Unless Serializer binds a purpose
    # (e.g. a per-purpose salt) into the token, a confirmation token would
    # also be accepted for password recovery. Confirm against Serializer.
    # NOTE(review): os.getenv returns None when RECOVER_URL is unset, which
    # is passed to the template as-is.
    template_vars = dict(
        client=client,
        recover_url=os.getenv('RECOVER_URL'),
        token=Serializer.generate_token(email),
    )
    body = render_template('emails/account_recovery.txt', **template_vars)
    message = Message(
        subject='Recover Your Account',
        mail_from=mailer,
        text=body,
    )
    return message.send(to=email)
def test_confirm_user_registration(api, register, mock_user):
    """Confirmation endpoint refuses a bogus token and accepts a genuine one."""
    endpoint = "/api/validate/confirmation"
    register(**mock_user)

    # A token the serializer never issued must be refused.
    rejected = api.post(endpoint, data={'token': 'badtoken'})
    assert rejected.status_code == 400, "should deny operation if token is invalid"
    assert rejected.json == errors.InvalidToken, "should prompt error"

    # A token minted for the registered user must be accepted.
    # NOTE(review): expired tokens and a second use of the same token are
    # not exercised here.
    valid_token = Serializer.generate_token(**mock_user)
    accepted = api.post(endpoint, data={'token': valid_token})
    assert accepted.status_code == 200, "should allow operation if token is valid"
def send_confirmation_email(email, name):
    """Render the plain-text welcome/confirmation e-mail and send it to *email*.

    The message embeds a token from ``Serializer.generate_token(email)`` and
    the URL read from the ``CONFIRMATION_URL`` environment variable. *name*
    is only used in the subject line.

    Returns whatever ``Message.send`` returns.
    """
    # NOTE(review): the recovery e-mail in this file builds its token with the
    # same generate_token(email) call. Unless Serializer binds a purpose into
    # the token, the token sent here would also be accepted by the password
    # recovery endpoint. Confirm against Serializer.
    template_vars = dict(
        client=client,
        confirm_url=os.getenv('CONFIRMATION_URL'),
        token=Serializer.generate_token(email),
    )
    body = render_template('emails/user_confirmation.txt', **template_vars)
    subject_line = 'Welcome, {}'.format(name)
    message = Message(subject=subject_line, mail_from=mailer, text=body)
    return message.send(to=email)
def post(self):
    """Confirm a user account from an e-mailed confirmation token.

    Reads ``token`` from the parsed POST arguments.

    Returns:
        ``{'message': 'Account confirmed'}`` on success, or
        ``errors.InvalidToken()`` when the token does not resolve to an
        e-mail or no user is found for that e-mail.
    """
    parsed = self.parser['post'].parse_args()

    # NOTE(review): nothing visible here ties the token to the confirmation
    # purpose or marks it as used; both depend on Serializer. Confirm.
    address = Serializer.confirm_token(parsed['token'])
    if not address:
        return errors.InvalidToken()

    user = user_store.find_user(email=address)
    if not user:
        # Same error as a bad token, so the response does not reveal whether
        # the address has an account.
        return errors.InvalidToken()

    user_store.activate_user(user)
    user.confirmed_at = datetime.utcnow()
    db.session.commit()
    return {'message': 'Account confirmed'}
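def post(self):
    """Reset a user's password from an e-mailed recovery token.

    Reads ``token``, ``new_password`` and ``confirm`` from the parsed POST
    arguments.

    Returns:
        ``{'message': 'Password reset'}`` on success;
        ``errors.InvalidToken()`` when the token does not resolve to an
        e-mail or no user is found for that e-mail;
        ``errors.PasswordConfirmationInvalid()`` when the new password is
        empty or missing, or differs from the confirmation.
    """
    args = self.parser['post'].parse_args()

    # NOTE(review): this is the same confirm_token call the confirmation
    # endpoint uses, and both e-mails are built with generate_token(email).
    # Unless Serializer binds a purpose into the token, a registration
    # confirmation token would be accepted here for a password reset.
    # Nothing here invalidates the token after use either. Confirm both
    # against Serializer.
    email = Serializer.confirm_token(args['token'])
    if not email:
        return errors.InvalidToken()

    user = user_store.find_user(email=email)
    if not user:
        # Same error as a bad token, so the response does not reveal whether
        # the address has an account.
        return errors.InvalidToken()

    new_password = args['new_password']
    # Reject an empty or missing password explicitly: two absent fields
    # compare equal and would otherwise be written as the new password.
    if not new_password or new_password != args['confirm']:
        return errors.PasswordConfirmationInvalid()

    user.password = new_password
    db.session.commit()
    return {'message': 'Password reset'}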
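def test_validate_account_recovery(api, register, mock_user):
    """Exercise the recovery endpoint: bad token, mismatched passwords, success."""
    endpoint = "/api/validate/recovery"
    register(**mock_user, confirmed=True)

    payload = {
        'token': 'badtoken',
        # Must equal the final 'confirm' value below; the masked placeholder
        # that stood here could never match it, so the success step could
        # not return 200.
        'new_password': 'newpass',
        'confirm': 'newpass',
    }

    # Recover account with invalid token.
    res = api.post(endpoint, data=payload)
    assert res.status_code == 400, "should deny operation if token is invalid"
    assert res.json == errors.InvalidToken, "should prompt error"

    # Recover account with non-matching new passwords.
    # NOTE(review): this token comes from the same generate_token call used
    # for confirmation e-mails, so the test does not show that recovery
    # rejects a token issued for another purpose.
    payload['token'] = Serializer.generate_token(**mock_user)
    payload['confirm'] = 'wrongpass'
    res = api.post(endpoint, data=payload)
    assert res.status_code == 401, "should deny if new passwords do not match"
    assert res.json == errors.PasswordConfirmationInvalid, "should prompt error"

    # Reset password and recover account.
    payload['confirm'] = 'newpass'
    res = api.post(endpoint, data=payload)
    assert res.status_code == 200, "should allow operation"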
def generate(email, **kwargs):
    """Print a freshly generated validation token for *email* to stdout.

    Extra keyword arguments are accepted and ignored.
    """
    # NOTE(review): the endpoints in this file accept such a token to confirm
    # an account or reset its password, so the printed value is a usable
    # credential for that address. Presumably a developer helper; keep its
    # output out of shared logs and confirm it is not reachable in production.
    token = Serializer.generate_token(email)
    print("validation_token : ", token)
def test_serializer(mock_user):
    """Round-trip: a generated token confirms back to its owner's e-mail."""
    issued = Serializer.generate_token(**mock_user)
    assert issued, "should return new token"

    # NOTE(review): tampered and expired tokens are not covered here.
    recovered = Serializer.confirm_token(issued)
    assert recovered == mock_user['email'], "should be confirmable by token owner"