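    def put(self):
        """
        Reset a user's password from a one-time password-reset token.

        Reads ``token``, ``password`` and ``password2`` from
        ``get_put_arguments()``. The token is looked up under the key
        ``reset-<token>`` in ``auth_tokens_store``; the stored value is used
        as the e-mail of the account whose password is replaced.

        Returns:
            ``{"success": True}`` when the password was updated, otherwise an
            ``({"error": True, "message": ...}, 400)`` pair when the token is
            unknown or expired, the two passwords differ, the password is too
            short, or the user is inactive (``UnactiveUserException``,
            presumably raised by ``persons_service.update_password``).
        """
        args = self.get_put_arguments()
        # Build the store key once so the lookup and the later deletion can
        # never refer to different keys.
        token_key = "reset-%s" % args["token"]
        try:
            email = auth_tokens_store.get(token_key)
            if not email:
                return (
                    {
                        "error": True,
                        "message": "Wrong or expired token."
                    },
                    400,
                )
            # Validation runs before the token is consumed: a rejected
            # password leaves the token usable for a retry, and the token is
            # invalidated only once the new password has been stored.
            auth.validate_password(args["password"], args["password2"])
            password = auth.encrypt_password(args["password"])
            persons_service.update_password(email, password)
            auth_tokens_store.delete(token_key)
            return {"success": True}

        except auth.PasswordsNoMatchException:
            return (
                {
                    "error": True,
                    "message": "Confirmation password doesn't match.",
                },
                400,
            )
        except auth.PasswordTooShortException:
            return {"error": True, "message": "Password is too short."}, 400
        except UnactiveUserException:
            return {"error": True, "message": "User is unactive."}, 400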
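def clean_auth_tokens(store=None):
    """
    Remove all revoked or expired tokens from the key value store.

    Each token entry is expected to decode (``json.loads``) to an object of
    the form ``{"revoked": bool, "token": {"exp": <POSIX timestamp>}}``.
    Entries that do not look like that are left untouched: the same store
    also holds other kinds of values (e.g. the ``reset-<token>`` entries of
    the password-reset flow), and they are not this sweep's to remove.

    Args:
        store: key value store exposing ``keys()``, ``get()`` and
            ``delete()``. Defaults to the module-level ``auth_tokens_store``;
            injectable mainly for tests.
    """
    if store is None:
        store = auth_tokens_store

    now = datetime.datetime.now(datetime.timezone.utc)
    # Snapshot the keys first: deleting from a live key view while iterating
    # it is undefined for most stores (and a RuntimeError for a plain dict).
    for key in list(store.keys()):
        try:
            value = json.loads(store.get(key))
            # JSON ``true`` decodes to the Python ``True`` singleton.
            is_revoked = value["revoked"] is True
            # ``exp`` is read as seconds since the epoch; comparing two aware
            # UTC datetimes avoids the DST ambiguity of naive local times.
            expiration = datetime.datetime.fromtimestamp(
                value["token"]["exp"], tz=datetime.timezone.utc
            )
        except (TypeError, ValueError, KeyError):
            # Not a token record: non-JSON value, missing fields, or the key
            # disappeared between keys() and get(). Skip it instead of
            # aborting the whole sweep.
            continue

        if is_revoked or expiration < now:
            store.delete(key)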
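def delete_auth_tokens(store=None):
    """
    Remove every entry from the key value store.

    This wipes the whole store, not only authentication tokens: any other
    entry kept there (e.g. the ``reset-<token>`` entries of the
    password-reset flow) is removed as well.

    Args:
        store: key value store exposing ``keys()`` and ``delete()``.
            Defaults to the module-level ``auth_tokens_store``; injectable
            mainly for tests.
    """
    if store is None:
        store = auth_tokens_store

    # Snapshot the keys first: deleting from a live key view while iterating
    # it is undefined for most stores (and a RuntimeError for a plain dict).
    for key in list(store.keys()):
        store.delete(key)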
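    def put(self):
        """
        Resource to allow a user to change his password when he forgets it.
        ---
        description: "It uses a classic scheme: a token is sent by email to the user.
                     Then he can change his password."
        tags:
            - Authentification
        parameters:
          - in: body
            name: Credentials
            description: The token, new password and confirmation password of the user
            schema:
                type: object
                required:
                - token
                - password
                - password_2
                properties:
                    token:
                        type: UUID
                    password:
                        type: string
                    password_2:
                        type: string

        responses:
          200:
            description: Password reset
          400:
            description: Invalid password
                         Wrong or expired token
                         Inactive user
        """
        # NOTE(review): the schema above names the confirmation field
        # ``password_2`` while the code reads ``args["password2"]`` — confirm
        # which key get_put_arguments() exposes and align the docs with it.
        args = self.get_put_arguments()
        # Build the store key once so the lookup and the later deletion can
        # never refer to different keys.
        token_key = "reset-%s" % args["token"]
        try:
            # The value stored under the reset key is used as the e-mail of
            # the account whose password is replaced.
            email = auth_tokens_store.get(token_key)
            if not email:
                return (
                    {
                        "error": True,
                        "message": "Wrong or expired token."
                    },
                    400,
                )
            # Validation runs before the token is consumed: a rejected
            # password leaves the token usable for a retry, and the token is
            # invalidated only once the new password has been stored.
            auth.validate_password(args["password"], args["password2"])
            password = auth.encrypt_password(args["password"])
            persons_service.update_password(email, password)
            auth_tokens_store.delete(token_key)
            return {"success": True}

        except auth.PasswordsNoMatchException:
            return (
                {
                    "error": True,
                    "message": "Confirmation password doesn't match.",
                },
                400,
            )
        except auth.PasswordTooShortException:
            return {"error": True, "message": "Password is too short."}, 400
        except UnactiveUserException:
            # Presumably raised by persons_service.update_password; the reset
            # token is deliberately not consumed in this case.
            return {"error": True, "message": "User is inactive."}, 400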