def test_18_add_and_delete_password_reset(self):
p1 = PasswordReset("recoverycode", "cornelius",
"realm", expiration=datetime.now() + timedelta(
seconds=120))
p1.save()
p2 = PasswordReset.query.filter_by(username="******",
realm="realm").first()
self.assertTrue(p2.recoverycode, "recoverycode")
def test_18_add_and_delete_password_reset(self):
p1 = PasswordReset("recoverycode", "cornelius",
"realm", expiration=datetime.now() + timedelta(
seconds=120))
p1.save()
p2 = PasswordReset.query.filter_by(username="******",
realm="realm").first()
self.assertTrue(p2.recoverycode, "recoverycode")
def create_recoverycode(user,
email=None,
expiration_seconds=3600,
recoverycode=None,
base_url=""):
"""
Create and send a password recovery code
:param user: User for whom the password reset code should be sent
:type user: User Object
:param email: The optional email of the user
:param recoverycode: Only used for testing purpose
:return: bool
"""
base_url = base_url.strip("recover")
base_url += "#"
recoverycode = recoverycode or generate_password(size=24)
hash_code = hash_with_pepper(recoverycode)
# send this recoverycode
#
pwreset = PasswordReset(hash_code,
username=user.login,
realm=user.realm,
expiration_seconds=expiration_seconds)
pwreset.save()
res = False
if not user:
raise UserError("User required for recovery token.")
user_email = user.info.get("email")
if email and email.lower() != user_email.lower():
raise UserError("The email does not match the users email.")
identifier = get_from_config("recovery.identifier")
if identifier:
# send email
r = send_email_identifier(
identifier, user_email, "Your password reset",
BODY.format(base_url, user.login, user.realm, recoverycode))
if not r:
raise privacyIDEAError("Failed to send email. {0!s}".format(r))
else:
raise ConfigAdminError("Missing configuration " "recovery.identifier.")
res = True
return res
def create_recoverycode(user, email=None, expiration_seconds=3600,
recoverycode=None, base_url=""):
"""
Create and send a password recovery code
:param user: User for whom the password reset code should be sent
:type user: User Object
:param email: The optional email of the user
:param recoverycode: Only used for testing purpose
:return: bool
"""
base_url = base_url.strip("recover")
base_url += "#"
recoverycode = recoverycode or generate_password(size=24)
hash_code = hash_with_pepper(recoverycode)
# send this recoverycode
#
pwreset = PasswordReset(hash_code, username=user.login,
realm=user.realm,
expiration_seconds=expiration_seconds)
pwreset.save()
res = False
if not user:
raise UserError("User required for recovery token.")
user_email = user.info.get("email")
if email and email.lower() != user_email.lower():
raise UserError("The email does not match the users email.")
identifier = get_from_config("recovery.identifier")
if identifier:
# send email
r = send_email_identifier(identifier, user_email,
"Your password reset",
BODY.format(base_url,
user.login, user.realm,
recoverycode))
if not r:
raise privacyIDEAError("Failed to send email. {0!s}".format(r))
else:
raise ConfigAdminError("Missing configuration "
"recovery.identifier.")
res = True
return res
