Exemple #1
    def test_get_validation(self):
        """GET on a stored recovery key answers 200 with that recovery's JSON."""
        with self.app.app_context():
            # Arrange: a persisted user and a recovery record bound to it.
            account = UsersModel("test", "test")
            account.hash_password("test")
            account.save_to_db()

            pending = PasswordRecoveryModel(account.id)
            pending.save_to_db()

            # Act: look the recovery up through the API by its key.
            endpoint = f"/api/recovery/{pending.key}"
            response = self.client.get(endpoint)

            # Assert: status first, then the serialized record.
            self.assertEqual(200, response.status_code)
            payload = json.loads(response.data)
            self.assertEqual(pending.json(), payload["recovery"])
Exemple #2
    def test_put_recovery_expired(self):
        """PUT with a recovery key whose timestamp was backdated must be refused with 403."""
        with self.app.app_context():
            account = UsersModel("test", "test")
            account.hash_password("test")
            account.save_to_db()

            stale = PasswordRecoveryModel(account.id)
            # Move the record's time back by twice VALID_UNTIL before saving.
            # presumably has_time_expired() compares `time` against VALID_UNTIL - confirm
            stale.time -= 2 * PasswordRecoveryModel.VALID_UNTIL
            stale.save_to_db()

            new_password = "******"
            form = {"new_password": new_password}
            response = self.client.put(f"/api/recovery/{stale.key}", data=form)

            # An expired key must not be accepted for a password change.
            self.assertEqual(403, response.status_code)
Exemple #3
    def test_put_recovery(self):
        """PUT with a fresh recovery key changes the password and returns the user."""
        with self.app.app_context():
            account = UsersModel("test", "test")
            account.hash_password("test")
            account.save_to_db()

            pending = PasswordRecoveryModel(account.id)
            pending.save_to_db()

            new_password = "******"
            form = {"new_password": new_password}
            response = self.client.put(f"/api/recovery/{pending.key}", data=form)

            self.assertEqual(200, response.status_code)
            payload = json.loads(response.data)
            self.assertEqual(account.json(), payload["user"])
            # The stored credential must now verify against the new password.
            self.assertTrue(account.check_password(new_password))
Exemple #4
    def test_model_add_duplicate_key(self):
        """Saving a second recovery that reuses an existing key must raise."""
        with self.app.app_context():
            original = PasswordRecoveryModel(1)
            original.save_to_db()

            # Different user id, same key: the save is expected to be rejected.
            clash = PasswordRecoveryModel(2, key=original.key)
            # NOTE(review): Exception is very broad; narrowing it to the error
            # the storage layer raises would stop unrelated failures from passing.
            with self.assertRaises(Exception):
                clash.save_to_db()
Exemple #5
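    def put(self, key):
        """Set a new password for the user bound to recovery key ``key``.

        Returns a ``(body, status)`` tuple: 200 with the user's JSON on
        success; 403 when the key is unknown or the recovery has expired;
        404 when the user is missing or ``user.state`` is falsy; 500 when
        the password update or the recovery deletion raises.
        """
        import logging

        data = parse_data(True)
        del data["email"]
        check_constraints_user(data)

        with lock:
            recovery = PasswordRecoveryModel.find_by_key(key)
            if recovery is None:
                return {
                    "message":
                    f"Password Recovery with ['key':{key}] is invalid."
                }, 403

            if recovery.has_time_expired():
                return {"message": "Password Recovery time has expired."}, 403

            user = UsersModel.find_by_id(recovery.user_id)
            if user is None or not user.state:
                return {
                    "message": "User doesn't exist or has deleted the account."
                }, 404

            try:
                user.update_password_from_db(data['new_password'])
                # Delete the recovery so the same key cannot be used again.
                # NOTE(review): update and delete are two separate calls; if the
                # delete raises after the password change was persisted, the key
                # may stay usable until it expires - confirm both share one
                # transaction.
                recovery.delete_from_db()
            except Exception:
                # Keep the exception text in the server log only: on this
                # unauthenticated endpoint str(e) could expose storage-layer
                # details to the caller. The recovery key is deliberately not
                # logged.
                logging.getLogger(__name__).exception(
                    "Password recovery: updating the password failed")
                return {"message": "Internal server error."}, 500

        return {"user": user.json()}, 200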
Exemple #6
 def get(self, key):
     """Look up a password recovery by ``key``.

     Returns ``({"recovery": ...}, 200)`` when a record exists and a
     ``({"message": ...}, 404)`` tuple otherwise.
     """
     with lock:
         match = PasswordRecoveryModel.find_by_key(key)
         if match is not None:
             # NOTE(review): no expiry check is made here, so a key that is
             # past its validity window still answers 200 - confirm intended.
             return {"recovery": match.json()}, 200
         return {
             "message":
             f"Password Recovery with ['key':{key}] is invalid"
         }, 404
Exemple #7
    def test_model_delete(self):
        """Deleting the only stored recovery leaves the table empty."""
        with self.app.app_context():
            entry = PasswordRecoveryModel(1)
            entry.save_to_db()
            entry.delete_from_db()

            remaining = PasswordRecoveryModel.query.all()
            self.assertEqual([], remaining)
Exemple #8
 def test_model_add(self):
     """A saved recovery can be read back and serializes identically."""
     with self.app.app_context():
         entry = PasswordRecoveryModel(1)
         entry.save_to_db()

         # find_by_id is given the recovery's user_id here.
         stored = PasswordRecoveryModel.find_by_id(entry.user_id)
         self.assertEqual(stored.json(), entry.json())
Exemple #9
    def test_recovery_mail(self):
        """send_email delivers one message whose body carries the reset link."""
        with self.app.app_context(), mail.record_messages() as outbox:
            account = UsersModel("test", "*****@*****.**")
            account.hash_password("test")
            account.save_to_db()

            pending = PasswordRecoveryModel(account.id)
            pending.save_to_db()
            root = "http://test.com/"
            pending.send_email(account.email, root)

            # Exactly one message, with the expected subject and recipient.
            self.assertEqual(1, len(outbox))
            message = outbox[0]
            self.assertEqual("Password recovery", message.subject)
            self.assertEqual(account.email, message.recipients[0])

            # The link is the supplied root followed by reset?key=<key>.
            expected_link = f"http://test.com/reset?key={pending.key}"
            self.assertTrue(expected_link in message.body)
Exemple #10
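    def post(self):
        """Start a password recovery for the e-mail address in the request.

        Replaces any existing recovery for the user with a new one, then
        sends the recovery e-mail. Returns a ``(body, status)`` tuple: 201
        with the user's JSON on success; 404 when no user has that e-mail;
        500 when deleting or saving the recovery raises.
        """
        import logging

        email = parse_data()['email']

        with lock:
            user = UsersModel.find_by_email(email)
            if user is None:
                # NOTE(review): this 404 versus the 201 below lets an
                # unauthenticated caller tell registered addresses from
                # unregistered ones; consider one uniform response.
                return {
                    "message":
                    f"Password Recovery with ['email':{email}] is not found"
                }, 404

            recovery = PasswordRecoveryModel.find_by_id(user.id)

            try:
                # At most one recovery per user: drop the old one first.
                if recovery is not None:
                    recovery.delete_from_db()
                recovery = PasswordRecoveryModel(user.id)
                recovery.save_to_db()
            except Exception:
                # Keep the exception text in the server log only: on this
                # unauthenticated endpoint str(e) could expose storage-layer
                # details to the caller.
                logging.getLogger(__name__).exception(
                    "Password recovery: creating the recovery record failed")
                return {"message": "Internal server error."}, 500

        # NOTE(review): request.url_root is derived from the incoming request's
        # host; send_email appears to build the reset link from this root
        # (confirm). Unless the deployment pins accepted hosts, a configured
        # base URL is the safer source for the link.
        recovery.send_email(email, request.url_root)
        # NOTE(review): user.json() goes back to a caller who has proven nothing
        # beyond knowing the address - confirm it holds no sensitive fields.
        return {"user": user.json()}, 201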