def reset_password_start(self):
if self.request.settings.archive_mode:
self.request.session.flash(("Password reset impossible in "
"archive mode."), 'error')
return HTTPFound(location=self.request.route_url('home'))
form = ForgotPasswordForm(self.request.POST, csrf_context=self.request)
retparams = {'form': form}
if self.request.method == 'POST':
if not form.validate():
return retparams
password_reminder(form.email.data, self.request)
self.request.session.flash("An email has been sent to the "
"provided address with further "
"information.")
return HTTPFound(
location=self.request.route_url('reset-password-start')
)
return retparams
def test_password_reminer_wrong_mail(self):
t = self.make_team()
self.dbsession.add(t)
assert t.reset_token is None
assert password_reminder("*****@*****.**", self.request) is None
assert t.reset_token is None
assert len(self.mailer.outbox) == 1
mail = self.mailer.outbox[0]
assert re.match(r"Password Reset for hack.lu CTF \d{4}", mail.subject)
assert mail.recipients == ["*****@*****.**"]
assert "but we have no team for this address in our database" in mail.html
def test_password_reminder(self):
t = self.make_team()
self.dbsession.add(t)
assert t.reset_token is None
assert password_reminder("*****@*****.**", self.request) == t
assert len(t.reset_token) == 64
assert len(self.mailer.outbox) == 1
mail = self.mailer.outbox[0]
assert re.match(r"Password Reset for hack.lu CTF \d{4}", mail.subject)
assert mail.recipients == ["*****@*****.**"]
assert "You have requested to reset your password." in mail.html
