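def passwordreset_request(email):
    """Issue a password-reset code for the account registered under *email*.

    A fresh secret is generated, stored on the user record together with the
    UTC time of issue, and mailed to the address inside the HTML template
    returned by ``data.return_password_reset_email()``.

    Args:
        email: Address the reset was requested for.

    Returns:
        An empty dict.

    Raises:
        InputError: No stored user has this email address.
    """
    # Function-scope import: the file's import block is not visible from here.
    from html import escape

    # Locate the account; first match wins.
    focus_user = next(
        (user for user in data.return_users() if user['email'] == email),
        None,
    )
    if focus_user is None:
        # NOTE(review): a distinct error for an unknown address tells the
        # caller whether an email is registered. Returning the same response
        # in both cases would close that oracle, but it changes what callers
        # observe, so it is left as-is here.
        raise InputError('This is an incorrect email')

    code = create_secret(10, whitespace=False)

    # Persist the code with its issue time; passwordreset_reset compares
    # against this timestamp to expire the code.
    u_id = focus_user['u_id']
    data.update_user(u_id, 'password_reset', {
        'origin': datetime.datetime.utcnow(),
        'code': code
    })

    # The first name comes from the stored user record and is interpolated
    # into HTML, so escape it to keep markup in a name from reaching the
    # rendered email. str() keeps the original rendering of a missing name.
    first_name = escape(str(focus_user.get('name_first')))
    body = data.return_password_reset_email().format(
        PREVIEWTEXT='This is your password reset code',
        FIRSTNAME=first_name,
        CODE=code)

    send_email(email, body)
    return {}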
def auth_login(email, password):
    """Authenticate a user and open a new session.

    Args:
        email: Address the user registered with.
        password: Plain-text password supplied by the caller.

    Returns:
        A dict with the user's ``u_id`` and a freshly created ``token``.

    Raises:
        InputError: The email is not registered, or the password's hash does
            not match the stored one.
    """
    # Format validation is delegated to the helper (presumably it raises on a
    # malformed address - confirm against its definition).
    regex_email_check(email)

    account = check_in_users('email', data.return_users(), email)
    if account is None:
        # NOTE(review): this message and 'Incorrect Password' below let a
        # caller tell registered from unregistered addresses.
        raise InputError('Email is not for a registered user')

    # NOTE(review): the stored hash is compared with a plain inequality;
    # hmac.compare_digest would be the constant-time form if both sides are
    # str or bytes. How hash_ derives the value (salt, work factor) is not
    # visible here - confirm.
    stored_hash = account['password']
    if stored_hash != hash_(password):
        raise InputError('Incorrect Password')

    # Each login gets its own session secret; the token is built from it.
    u_id = account['u_id']
    session_secret = create_secret(50)
    token = create_token(u_id, session_secret)

    # Record the secret on the user so the session can later be ended.
    data.update_user(u_id, 'session_secret', session_secret)

    return {'u_id': u_id, 'token': token}
def auth_logout(token):
    """End the session identified by *token*.

    Args:
        token: Session token issued at login.

    Returns:
        ``{'is_success': True}`` when the token decodes to a user and that
        user's session secret has been cleared, ``{'is_success': False}``
        when the token does not decode to a user.
    """
    session_user = decode_token(token)
    if session_user is not None:
        # Clearing the stored secret is what ends the session.
        data.update_user(session_user['u_id'], 'session_secret', None)
        return {'is_success': True}
    return {'is_success': False}
def admin_userpermission_change(token, u_id, permission_id):
    """Set another user's permission level; only an owner may do this.

    Args:
        token: Session token of the caller.
        u_id: Id of the user whose permission is being changed.
        permission_id: New permission level; 1 and 2 are accepted.

    Returns:
        An empty dict.

    Raises:
        InputError: ``u_id`` matches no stored user, or ``permission_id`` is
            not an accepted value.
        AccessError: The caller's own ``permission_id`` is not 1.
    """
    # Resolve the caller first (the helper presumably rejects a bad token -
    # confirm against its definition).
    caller = owner_from_token(token)

    # NOTE(review): both input checks run before the ownership check, so the
    # error type tells a non-owner whether a u_id exists. Confirm the order
    # is intended before changing it; callers may depend on it.
    target_exists = any(
        user['u_id'] == u_id for user in data.return_users()
    )
    if not target_exists:
        raise InputError(description='The u_id is invalid.')

    if permission_id not in range(1, 3):
        raise InputError(description='The permission_id is invalid.')

    if caller['permission_id'] != 1:
        raise AccessError(description='The admin is not a owner.')

    data.update_user(u_id, 'permission_id', permission_id)
    return {}
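def passwordreset_reset(reset_code, new_password):
    """Set a new password for the user holding a valid reset code.

    A code is valid when it equals the code stored on a user's
    ``password_reset`` record and that record's ``origin`` timestamp is
    within 500 seconds of the current UTC time.

    Args:
        reset_code: Code the user received by email.
        new_password: Replacement password; at least 6 characters.

    Returns:
        An empty dict.

    Raises:
        InputError: The password is shorter than 6 characters, or no user
            holds a matching, unexpired code.
    """
    if len(new_password) < 6:
        raise InputError('Password Too Short')

    now = datetime.datetime.utcnow()

    focus_user = None
    for user in data.return_users():
        record = user.get('password_reset')
        # A user with no reset record must not abort the scan for everyone
        # else, so skip it instead of calling .get on None.
        if not record:
            continue
        stored_code = record.get('code')
        issued_at = record.get('origin')
        # An unset code or timestamp can never authorise a reset; without
        # this guard a None reset_code would compare equal to an unset code.
        if stored_code is None or issued_at is None:
            continue
        if (stored_code == reset_code
                and abs((now - issued_at).total_seconds()) < 500):
            focus_user = user
            break

    if focus_user is None:
        raise InputError('Invalid Reset Code')

    # NOTE(review): the stored code is not cleared after use, so it stays
    # valid until the time window closes, and the user's session_secret is
    # left untouched. Clearing both here needs the data layer's expected
    # shape for an empty record - confirm before adding.
    data.update_user(focus_user['u_id'], 'password', hash_(new_password))
    return {}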
def test_passwordreset_reset_invalid_time():
    '''
    A reset code whose stored issue time is two hours old must be rejected
    with InputError when used to set a new password.
    '''
    clear()

    # Register a user and request a reset so a code is stored for them.
    registered = auth.auth_register('*****@*****.**', 'password', 'Mate', 'Old')
    u_id = registered.get('u_id')
    auth.passwordreset_request('*****@*****.**')
    code = get_reset_code(u_id).get('code')

    # Rewrite the record with the same code but an issue time two hours ago,
    # which puts it outside the validity window.
    stale_origin = datetime.datetime.utcnow() - datetime.timedelta(hours=2)
    data.update_user(u_id, 'password_reset', {
        'origin': stale_origin,
        'code': code
    })

    # The expired code must not be accepted.
    with pytest.raises(InputError):
        auth.passwordreset_reset(code, 'passwordTime')