def password_email(user):
"""
For resetting a user's password.
"""
from r2.lib.pages import PasswordReset
reset_count_key = "email-reset_count_%s" % user._id
g.cache.add(reset_count_key, 0, time=3600 * 12)
if g.cache.incr(reset_count_key) > 3:
return False
reset_count_global = "email-reset_count_global"
g.cache.add(reset_count_global, 0, time=3600)
if g.cache.incr(reset_count_global) > 1000:
raise ValueError(
"Somebody's beating the hell out of the password reset box")
token = PasswordResetToken._new(user)
base = g.https_endpoint or g.origin
passlink = base + '/resetpassword/' + token._id
g.log.info("Generated password reset link: " + passlink)
_system_email(
user.email,
PasswordReset(user=user, passlink=passlink).render(style='email'),
Email.Kind.RESET_PASSWORD,
user=user,
)
return True
def password_email(user):
"""
For resetting a user's password.
"""
from r2.lib.pages import PasswordReset
reset_count_key = "email-reset_count_%s" % user._id
g.cache.add(reset_count_key, 0, time=3600 * 12)
if g.cache.incr(reset_count_key) > 3:
return False
reset_count_global = "email-reset_count_global"
g.cache.add(reset_count_global, 0, time=3600)
if g.cache.incr(reset_count_global) > 1000:
raise ValueError("Somebody's beating the hell out of the password reset box")
token = PasswordResetToken._new(user)
base = g.https_endpoint or g.origin
passlink = base + '/resetpassword/' + token._id
g.log.info("Generated password reset link: " + passlink)
_system_email(user.email,
PasswordReset(user=user,
passlink=passlink).render(style='email'),
Email.Kind.RESET_PASSWORD)
return True
def password_email(user):
"""
For resetting a user's password.
"""
from r2.lib.pages import PasswordReset
user_reset_ratelimit = SimpleRateLimit(
name="email_reset_count_%s" % user._id36,
seconds=int(datetime.timedelta(hours=12).total_seconds()),
limit=3,
)
if not user_reset_ratelimit.record_and_check():
return False
global_reset_ratelimit = SimpleRateLimit(
name="email_reset_count_global",
seconds=int(datetime.timedelta(hours=1).total_seconds()),
limit=1000,
)
if not global_reset_ratelimit.record_and_check():
raise ValueError("password reset ratelimit exceeded")
token = PasswordResetToken._new(user)
base = g.https_endpoint or g.origin
passlink = base + '/resetpassword/' + token._id
g.log.info("Generated password reset link: " + passlink)
_system_email(
user.email,
PasswordReset(user=user, passlink=passlink).render(style='email'),
Email.Kind.RESET_PASSWORD,
user=user,
)
return True
def password_email(user):
"""
For resetting a user's password.
"""
from r2.lib.pages import PasswordReset
user_reset_ratelimit = SimpleRateLimit(
name="email_reset_count_%s" % user._id36,
seconds=int(datetime.timedelta(hours=12).total_seconds()),
limit=3,
)
if not user_reset_ratelimit.record_and_check():
return False
global_reset_ratelimit = SimpleRateLimit(
name="email_reset_count_global",
seconds=int(datetime.timedelta(hours=1).total_seconds()),
limit=1000,
)
if not global_reset_ratelimit.record_and_check():
raise ValueError("password reset ratelimit exceeded")
token = PasswordResetToken._new(user)
base = g.https_endpoint or g.origin
passlink = base + '/resetpassword/' + token._id
g.log.info("Generated password reset link: " + passlink)
_system_email(user.email,
PasswordReset(user=user,
passlink=passlink).render(style='email'),
Email.Kind.RESET_PASSWORD,
user=user,
)
return True
def setUp(self):
super(ResetPasswordTest, self).setUp()
self.user = MagicMock(name="user")
self.user._fullname = "test_user"
self.user.email = "*****@*****.**"
self.user._banned = False
self.user.password = CURRENT_PW_BCRYPT
self.token = PasswordResetToken._new(self.user)
def setUp(self):
super(ResetPasswordTest, self).setUp()
self.user = MagicMock(name="user")
self.user._fullname = "test_user"
self.user.email = "*****@*****.**"
self.user._banned = False
self.user.password = CURRENT_PW_BCRYPT
self.token = PasswordResetToken._new(self.user)