def test_get_validation(self):
    """GET on a stored recovery key answers 200 and returns that recovery's JSON."""
    with self.app.app_context():
        account = UsersModel("test", "test")
        account.hash_password("test")
        account.save_to_db()

        token = PasswordRecoveryModel(account.id)
        token.save_to_db()

        response = self.client.get(f"/api/recovery/{token.key}")

        self.assertEqual(200, response.status_code)
        body = json.loads(response.data)
        self.assertEqual(token.json(), body["recovery"])
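def test_put_recovery_expired(self):
    """PUT with a recovery key older than VALID_UNTIL is refused and changes nothing.

    The 403 status alone does not prove the handler stopped before touching
    the account, so the test also checks that the original password still
    verifies afterwards.
    """
    with self.app.app_context():
        user = UsersModel("test", "test")
        user.hash_password("test")
        user.save_to_db()

        recovery = PasswordRecoveryModel(user.id)
        # Back-date the entry by twice the validity window so it is
        # unambiguously expired by the time the request is handled.
        recovery.time -= 2 * PasswordRecoveryModel.VALID_UNTIL
        recovery.save_to_db()

        new_password = "******"
        res = self.client.put(f"/api/recovery/{recovery.key}",
                              data={"new_password": new_password})

        self.assertEqual(403, res.status_code)
        # A rejected reset must leave the stored credential as it was.
        self.assertTrue(user.check_password("test"))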
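def test_put_recovery(self):
    """PUT with a valid recovery key sets the new password and consumes the key.

    Besides the status, body and new password, the test pins two properties
    the reset flow relies on: the previous password stops working, and the
    recovery key cannot be looked up again after a successful reset.
    """
    with self.app.app_context():
        user = UsersModel("test", "test")
        user.hash_password("test")
        user.save_to_db()

        recovery = PasswordRecoveryModel(user.id)
        recovery.save_to_db()
        # Read the key now: the handler deletes the row, and the model
        # object may not be readable once that has happened.
        key = recovery.key

        new_password = "******"
        res = self.client.put(f"/api/recovery/{key}",
                              data={"new_password": new_password})

        self.assertEqual(200, res.status_code)
        self.assertEqual(user.json(), json.loads(res.data)["user"])
        self.assertTrue(user.check_password(new_password))
        # The old credential must no longer verify.
        self.assertFalse(user.check_password("test"))
        # Single use: the key is gone after a successful reset.
        self.assertIsNone(PasswordRecoveryModel.find_by_key(key))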
def test_model_add_duplicate_key(self):
    """Saving a second recovery entry that reuses an existing key must raise."""
    with self.app.app_context():
        first = PasswordRecoveryModel(1)
        first.save_to_db()

        clash = PasswordRecoveryModel(2, key=first.key)
        # NOTE(review): assertRaises(Exception) passes on any failure at all,
        # not only a key collision; narrowing it to the storage layer's
        # uniqueness error would make this test pin the constraint itself.
        with self.assertRaises(Exception):
            clash.save_to_db()
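def put(self, key):
    """Set a new password for the account tied to recovery key *key*.

    Returns a ``(body, status)`` pair:

    * 403 - the key is unknown, or ``has_time_expired()`` is true for it
    * 404 - the owning user is missing or its ``state`` is falsy
    * 500 - storing the password or deleting the key raised
    * 200 - password stored and the recovery entry deleted

    The 500 body is a fixed message. The exception text is logged on the
    server instead of being returned, because this route is reached without
    a session and storage-layer errors can describe internals.
    """
    # Function-scope import: the file's import block is not part of this listing.
    import logging

    data = parse_data(True)
    # The "email" entry is dropped before validation - presumably because
    # this route identifies the account by key, not by address; confirm.
    del data["email"]
    check_constraints_user(data)

    # NOTE(review): this listing had lost its indentation; the lock is
    # assumed to cover the whole lookup/update sequence - confirm.
    with lock:
        recovery = PasswordRecoveryModel.find_by_key(key)
        if recovery is None:
            return {
                "message": f"Password Recovery with ['key':{key}] is invalid."
            }, 403
        if recovery.has_time_expired():
            return {"message": "Password Recovery time has expired."}, 403

        user = UsersModel.find_by_id(recovery.user_id)
        if user is None or not user.state:
            return {
                "message": "User doesn't exist or has deleted the account."
            }, 404

        try:
            user.update_password_from_db(data['new_password'])
            # Deleting the entry is what makes the key single-use.
            # NOTE(review): if this delete raises after the password was
            # stored, the key may remain usable - confirm how the models
            # commit or roll back.
            recovery.delete_from_db()
        except Exception:
            # Log without the key or the password; both are secrets.
            logging.getLogger(__name__).exception(
                "Password recovery: storing the new password failed")
            return {"message": "Internal server error."}, 500

        return {"user": user.json()}, 200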
def get(self, key):
    """Look up recovery key *key* and return its JSON, or 404 when unknown."""
    # NOTE(review): this listing had lost its indentation; the lock is
    # assumed to cover the lookup and both returns - confirm.
    with lock:
        entry = PasswordRecoveryModel.find_by_key(key)
        if entry is not None:
            # NOTE(review): unlike put(), this path does not call
            # has_time_expired(), so an expired key still answers 200 here.
            # Also check which fields json() exposes to the key holder.
            return {"recovery": entry.json()}, 200
        return {
            "message": f"Password Recovery with ['key':{key}] is invalid"
        }, 404
def test_model_delete(self):
    """A saved recovery entry is gone from the table after delete_from_db()."""
    with self.app.app_context():
        entry = PasswordRecoveryModel(1)
        entry.save_to_db()
        entry.delete_from_db()

        remaining = PasswordRecoveryModel.query.all()
        self.assertEqual([], remaining)
def test_model_add(self):
    """A saved recovery entry can be read back through find_by_id()."""
    with self.app.app_context():
        entry = PasswordRecoveryModel(1)
        entry.save_to_db()

        # find_by_id is called with the owning user's id, not a row id.
        stored = PasswordRecoveryModel.find_by_id(entry.user_id)
        self.assertEqual(stored.json(), entry.json())
def test_recovery_mail(self):
    """send_email() sends one message to the user containing the reset link."""
    with self.app.app_context(), mail.record_messages() as outbox:
        account = UsersModel("test", "*****@*****.**")
        account.hash_password("test")
        account.save_to_db()

        token = PasswordRecoveryModel(account.id)
        token.save_to_db()

        root = "http://test.com/"
        token.send_email(account.email, root)

        self.assertEqual(1, len(outbox))
        message = outbox[0]
        self.assertEqual("Password recovery", message.subject)
        self.assertEqual(account.email, message.recipients[0])
        # The link is the caller-supplied root plus "reset?key=<key>", so the
        # key travels in the URL query string.
        expected_link = f"http://test.com/reset?key={token.key}"
        self.assertTrue(expected_link in message.body)
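def post(self):
    """Issue a fresh recovery key for the posted e-mail address and mail it.

    Returns a ``(body, status)`` pair:

    * 404 - no user has that e-mail address
    * 500 - replacing the stored recovery entry raised
    * 201 - a new entry was saved and ``send_email`` was called

    Any earlier entry for the user is deleted first, so at most one key per
    user is stored. The 500 body is a fixed message. The exception text is
    logged on the server rather than returned to the unauthenticated caller.
    """
    # Function-scope import: the file's import block is not part of this listing.
    import logging

    email = parse_data()['email']

    # NOTE(review): this listing had lost its indentation; the lock is
    # assumed to cover everything below, including the mail send - confirm.
    with lock:
        user = UsersModel.find_by_email(email)
        if user is None:
            # NOTE(review): 404 here versus 201 below tells an unauthenticated
            # caller whether an address is registered. A uniform reply would
            # avoid that, but it changes the API contract, so it is only
            # flagged here.
            return {
                "message": f"Password Recovery with ['email':{email}] is not found"
            }, 404

        recovery = PasswordRecoveryModel.find_by_id(user.id)
        try:
            # Drop the previous entry so an older key stops working.
            if recovery is not None:
                recovery.delete_from_db()
            recovery = PasswordRecoveryModel(user.id)
            recovery.save_to_db()
        except Exception:
            logging.getLogger(__name__).exception(
                "Password recovery: replacing the recovery entry failed")
            return {"message": "Internal server error."}, 500

        # NOTE(review): request.url_root comes from the incoming request, so
        # the base of the mailed link follows the request's host unless the
        # deployment pins it; a configured base URL would be safer.
        recovery.send_email(email, request.url_root)

        # NOTE(review): user.json() goes to a caller who supplied only an
        # e-mail address - check which fields json() exposes.
        return {"user": user.json()}, 201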