def trycaptcha(email, recaptcha_response, tou_accepted):
"""
Kantara requires a check for humanness even at level AL1.
"""
if not tou_accepted:
return {'_status': 'error', 'message': 'signup.tou-not-accepted'}
config = current_app.config
remote_ip = request.remote_addr
recaptcha_public_key = config.get('RECAPTCHA_PUBLIC_KEY', '')
if recaptcha_public_key:
recaptcha_private_key = config.get('RECAPTCHA_PRIVATE_KEY', '')
recaptcha_verified = verify_recaptcha(recaptcha_private_key,
recaptcha_response, remote_ip)
else:
# If recaptcha_public_key is not set recaptcha is disabled
recaptcha_verified = True
current_app.logger.info('CAPTCHA disabled')
if recaptcha_verified:
next = check_email_status(email)
if next == 'new':
# Workaround for failed earlier sync of user to userdb: Remove any signup_user with this e-mail address.
remove_users_with_mail_address(email)
send_verification_mail(email)
msg = 'signup.registering-{}'.format(next)
return {'message': msg, 'next': next}
return {'_status': 'error', 'message': 'signup.recaptcha-not-verified'}
def _verify_code(
self,
mock_add_credentials: Any,
mock_request_user_sync: Any,
mock_sendmail: Any,
mock_recaptcha: Any,
code: str = '',
email: str = '*****@*****.**',
):
"""
Test the verification link sent by email
:param code: the code to use
:param email: the email address to use
"""
mock_add_credentials.return_value = True
mock_request_user_sync.return_value = True
mock_sendmail.return_value = True
mock_recaptcha.return_value = True
with self.session_cookie(self.browser) as client:
with client.session_transaction():
with self.app.test_request_context():
send_verification_mail(email)
signup_user = self.app.private_userdb.get_user_by_pending_mail_address(
email)
code = code or signup_user.pending_mail_address.verification_code
return client.get('/verify-link/' + code)
def resend_email_verification(email):
"""
The user has not yet verified the email address.
Send a verification message to the address so it can be verified.
"""
current_app.logger.debug("Resend email confirmation to {!s}".format(email))
send_verification_mail(email)
current_app.stats.count(name='resend_code')
return success_response(message=SignupMsg.resent_success)
def resend_email_verification(email):
"""
The user has not yet verified the email address.
Send a verification message to the address so it can be verified.
"""
current_app.logger.debug("Resend email confirmation to {!s}".format(email))
send_verification_mail(email)
return {'message': 'signup.verification-resent'}
def resend_email_verification(email):
"""
The user has not yet verified the email address.
Send a verification message to the address so it can be verified.
"""
current_app.logger.debug("Resend email confirmation to {!s}".format(email))
send_verification_mail(email)
return {'message': 'signup.verification-resent'}
def trycaptcha(email, recaptcha_response, tou_accepted):
"""
Kantara requires a check for humanness even at level AL1.
"""
if not tou_accepted:
return error_response(message=SignupMsg.no_tou)
config = current_app.config
recaptcha_verified = False
# add a backdoor to bypass recaptcha checks for humanness,
# to be used in testing environments for automated integration tests.
if check_magic_cookie(config):
current_app.logger.info(
'Using BACKDOOR to verify reCaptcha during signup!')
recaptcha_verified = True
# common path with no backdoor
if not recaptcha_verified:
remote_ip = request.remote_addr
recaptcha_public_key = config.recaptcha_public_key
if recaptcha_public_key:
recaptcha_private_key = config.recaptcha_private_key
recaptcha_verified = verify_recaptcha(recaptcha_private_key,
recaptcha_response,
remote_ip)
else:
recaptcha_verified = False
current_app.logger.info('Missing configuration for reCaptcha!')
if recaptcha_verified:
next = check_email_status(email)
if next == 'new':
# Workaround for failed earlier sync of user to userdb: Remove any signup_user with this e-mail address.
remove_users_with_mail_address(email)
send_verification_mail(email)
return success_response(payload=dict(next=next),
message=SignupMsg.reg_new)
elif next == 'resend-code':
return {'next': next}
elif next == 'address-used':
current_app.stats.count(name='address_used_error')
return error_response(payload=dict(next=next),
message=SignupMsg.email_used)
return error_response(message=SignupMsg.no_recaptcha)
def test_verify_non_existing_code(self, mock_add_credentials,
mock_request_user_sync):
mock_add_credentials.return_value = True
mock_request_user_sync.return_value = True
email = '*****@*****.**'
with self.session_cookie(self.browser) as client:
with client.session_transaction() as sess:
with self.app.test_request_context():
send_verification_mail(email)
response = client.get('/verify-link/' + 'dummy')
data = json.loads(response.data)
self.assertEqual(data['type'],
'GET_SIGNUP_VERIFY_LINK_SUCCESS')
self.assertEqual(data['payload']['status'], 'unknown-code')
def test_verify_code_remove_previous(self, mock_add_credentials,
mock_request_user_sync):
mock_add_credentials.return_value = True
mock_request_user_sync.return_value = True
email = '*****@*****.**'
with self.session_cookie(self.browser) as client:
with client.session_transaction() as sess:
with self.app.test_request_context():
data = {
'email': email,
'recaptcha_response': 'dummy',
'tou_accepted': True,
'csrf_token': sess.get_csrf_token()
}
client.post('/trycaptcha',
data=json.dumps(data),
content_type=self.content_type_json)
code = send_verification_mail(email)
response = client.get('/verify-link/' + code)
data = json.loads(response.data)
self.assertEqual(data['type'],
'GET_SIGNUP_VERIFY_LINK_SUCCESS')
def trycaptcha(email, recaptcha_response, tou_accepted):
"""
Kantara requires a check for humanness even at level AL1.
"""
if not tou_accepted:
return {
'_status': 'error',
'message': 'signup.tou-not-accepted'
}
config = current_app.config
remote_ip = request.remote_addr
recaptcha_public_key = config.get('RECAPTCHA_PUBLIC_KEY', '')
if recaptcha_public_key:
recaptcha_private_key = config.get('RECAPTCHA_PRIVATE_KEY', '')
recaptcha_verified = verify_recaptcha(recaptcha_private_key,
recaptcha_response, remote_ip)
else:
# If recaptcha_public_key is not set recaptcha is disabled
recaptcha_verified = True
current_app.logger.info('CAPTCHA disabled')
if recaptcha_verified:
next = check_email_status(email)
if next == 'new':
# Workaround for failed earlier sync of user to userdb: Remove any signup_user with this e-mail address.
remove_users_with_mail_address(email)
send_verification_mail(email)
return {
'message': 'signup.registering-new',
'next': next
}
elif next == 'resend-code':
return {
'next': next
}
elif next == 'address-used':
return {
'_status': 'error',
'message': 'signup.registering-address-used',
'next': next
}
return {
'_status': 'error',
'message': 'signup.recaptcha-not-verified'
}
def _verify_code_after_captcha(
self,
mock_add_credentials: Any,
mock_request_user_sync: Any,
mock_sendmail: Any,
mock_recaptcha: Any,
data1: Optional[dict] = None,
email: str = '*****@*****.**',
):
"""
Verify the pending account with an emailed verification code after creating the account by verifying the captcha.
:param data1: to control the data sent to the trycaptcha endpoint
:param email: what email address to use
"""
mock_add_credentials.return_value = True
mock_request_user_sync.return_value = True
mock_sendmail.return_value = True
mock_recaptcha.return_value = True
with self.session_cookie(self.browser) as client:
with client.session_transaction() as sess:
with self.app.test_request_context():
data = {
'email': email,
'recaptcha_response': 'dummy',
'tou_accepted': True,
'csrf_token': sess.get_csrf_token(),
}
if data1 is not None:
data.update(data1)
client.post('/trycaptcha',
data=json.dumps(data),
content_type=self.content_type_json)
if data1 is None:
send_verification_mail(email)
signup_user = self.app.private_userdb.get_user_by_pending_mail_address(
email)
response = client.get(
'/verify-link/' +
signup_user.pending_mail_address.verification_code)
return json.loads(response.data)
def _get_code_backdoor(
self,
mock_add_credentials: Any,
mock_request_user_sync: Any,
mock_sendmail: Any,
mock_recaptcha: Any,
email: str,
):
"""
Test getting the generatied verification code through the backdoor
"""
mock_add_credentials.return_value = True
mock_request_user_sync.return_value = True
mock_sendmail.return_value = True
mock_recaptcha.return_value = True
with self.session_cookie(self.browser) as client:
with client.session_transaction():
with self.app.test_request_context():
send_verification_mail(email)
client.set_cookie('localhost',
key=self.app.config.magic_cookie_name,
value=self.app.config.magic_cookie)
return client.get(f'/get-code?email={email}')