Exemple #1
0
 def test_18_add_and_delete_password_reset(self):
     p1 = PasswordReset("recoverycode", "cornelius",
                        "realm", expiration=datetime.now() + timedelta(
             seconds=120))
     p1.save()
     p2 = PasswordReset.query.filter_by(username="******",
                                        realm="realm").first()
     self.assertTrue(p2.recoverycode, "recoverycode")
Exemple #2
0
 def test_18_add_and_delete_password_reset(self):
     p1 = PasswordReset("recoverycode", "cornelius",
                        "realm", expiration=datetime.now() + timedelta(
             seconds=120))
     p1.save()
     p2 = PasswordReset.query.filter_by(username="******",
                                        realm="realm").first()
     self.assertTrue(p2.recoverycode, "recoverycode")
Exemple #3
0
def create_recoverycode(user,
                        email=None,
                        expiration_seconds=3600,
                        recoverycode=None,
                        base_url=""):
    """
    Create and send a password recovery code

    :param user: User for whom the password reset code should be sent
    :type user: User Object
    :param email: The optional email of the user
    :param recoverycode: Only used for testing purpose
    :return: bool
    """
    base_url = base_url.strip("recover")
    base_url += "#"
    recoverycode = recoverycode or generate_password(size=24)
    hash_code = hash_with_pepper(recoverycode)
    # send this recoverycode
    #
    pwreset = PasswordReset(hash_code,
                            username=user.login,
                            realm=user.realm,
                            expiration_seconds=expiration_seconds)
    pwreset.save()

    res = False
    if not user:
        raise UserError("User required for recovery token.")
    user_email = user.info.get("email")
    if email and email.lower() != user_email.lower():
        raise UserError("The email does not match the users email.")

    identifier = get_from_config("recovery.identifier")
    if identifier:
        # send email
        r = send_email_identifier(
            identifier, user_email, "Your password reset",
            BODY.format(base_url, user.login, user.realm, recoverycode))
        if not r:
            raise privacyIDEAError("Failed to send email. {0!s}".format(r))
    else:
        raise ConfigAdminError("Missing configuration " "recovery.identifier.")
    res = True
    return res
def create_recoverycode(user, email=None, expiration_seconds=3600,
                        recoverycode=None, base_url=""):
    """
    Create and send a password recovery code

    :param user: User for whom the password reset code should be sent
    :type user: User Object
    :param email: The optional email of the user
    :param recoverycode: Only used for testing purpose
    :return: bool
    """
    base_url = base_url.strip("recover")
    base_url += "#"
    recoverycode = recoverycode or generate_password(size=24)
    hash_code = hash_with_pepper(recoverycode)
    # send this recoverycode
    #
    pwreset = PasswordReset(hash_code, username=user.login,
                            realm=user.realm,
                            expiration_seconds=expiration_seconds)
    pwreset.save()

    res = False
    if not user:
        raise UserError("User required for recovery token.")
    user_email = user.info.get("email")
    if email and email.lower() != user_email.lower():
        raise UserError("The email does not match the users email.")

    identifier = get_from_config("recovery.identifier")
    if identifier:
        # send email
        r = send_email_identifier(identifier, user_email,
                                  "Your password reset",
                                  BODY.format(base_url,
                                              user.login, user.realm,
                                              recoverycode))
        if not r:
            raise privacyIDEAError("Failed to send email. {0!s}".format(r))
    else:
        raise ConfigAdminError("Missing configuration "
                               "recovery.identifier.")
    res = True
    return res