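def post_for_password_token(body: ResetPasswordBodyModel) -> None:
    """Issue a password-reset token for the account matching ``body.email``.

    The reCAPTCHA token is validated first; a failure there raises out of this
    function before any lookup happens. If the email is unknown or the account
    is inactive, the function returns without doing anything, so the endpoint
    answers the same way (204) whether or not the email exists. Otherwise a
    reset token is generated, the user is persisted, and the reset email is
    sent with the beneficiary or the pro template depending on
    ``user.isBeneficiary``. Mail-service failures are logged and swallowed so
    the caller still gets the same response.

    Args:
        body: validated request body carrying ``token`` and ``email``.
    """
    check_recaptcha_token_is_valid(
        body.token, "resetPassword", settings.RECAPTCHA_RESET_PASSWORD_MINIMAL_SCORE
    )

    user = find_user_by_email(body.email)
    if not user or not user.isActive:
        # Same (empty) response as the success path: do not let a caller
        # enumerate which emails exist in the database.
        return

    generate_reset_token(user)
    repository.save(user)

    # Beneficiaries receive the end-user template; every other account is
    # treated as a pro account.
    if user.isBeneficiary:
        send_email = send_reset_password_email_to_user
        label = "send_reset_password_email_to_user"
    else:
        send_email = send_reset_password_email_to_pro
        label = "send_reset_password_email_to_pro"

    try:
        send_email(user, send_raw_email)
    except MailServiceException:
        # logger.exception() already records the active traceback. The only
        # %-argument is the label, which matches the single placeholder;
        # passing the exception object as an extra argument would make the
        # record fail to format inside the logging machinery.
        app.logger.exception("[%s] Mail service failure", label)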
def test_should_raise_when_score_is_too_low(self, recaptcha_response):
    """A verification that succeeds but scores under the threshold is rejected."""
    fake_token = generate_fake_token()
    low_score_reply = {"success": True, "score": 0.2}
    recaptcha_response.return_value = low_score_reply

    # 0.2 is below the 0.5 minimal score passed to the checker.
    with pytest.raises(InvalidRecaptchaTokenException):
        check_recaptcha_token_is_valid(fake_token, ORIGINAL_ACTION, 0.5)
def verify_id_check_licence_token(
    body: serialization_beneficiaries.VerifyIdCheckLicenceRequest,
) -> serialization_beneficiaries.VerifyIdCheckLicenceResponse:
    """Accept an id-check token, falling back to reCAPTCHA for legacy tokens.

    A token known to ``users_repo`` is accepted as-is. Any other token is
    treated as a legacy webapp token and must pass the reCAPTCHA check with
    the ``"submit"`` action and ``settings.RECAPTCHA_LICENCE_MINIMAL_SCORE``;
    that check raises when the token is refused, so the empty response is only
    returned when one of the two checks succeeded.

    Args:
        body: request body carrying the ``token`` to verify.

    Returns:
        An empty ``VerifyIdCheckLicenceResponse``.
    """
    known_id_check_token = users_repo.get_id_check_token(body.token)
    if not known_id_check_token:
        # Legacy webapp tokens are not stored; validate them via reCAPTCHA.
        check_recaptcha_token_is_valid(
            body.token, "submit", settings.RECAPTCHA_LICENCE_MINIMAL_SCORE
        )
    return serialization_beneficiaries.VerifyIdCheckLicenceResponse()
def test_should_raise_exception_for_any_other_error_code(self, recaptcha_response, error_code):
    """A failed verification carrying ``error_code`` surfaces as ReCaptchaException.

    ``error_code`` is supplied by the caller (presumably a parametrized
    fixture) so the same expectation is checked for several codes.
    """
    fake_token = generate_fake_token()
    failed_reply = {"success": False, "error-codes": [error_code]}
    recaptcha_response.return_value = failed_reply

    with pytest.raises(ReCaptchaException):
        check_recaptcha_token_is_valid(fake_token, ORIGINAL_ACTION, 0.5)
def test_should_raise_when_token_is_too_old_or_already_used(self, recaptcha_response):
    """The ``timeout-or-duplicate`` error code maps to InvalidRecaptchaTokenException."""
    fake_token = generate_fake_token()
    expired_or_replayed_reply = {
        "success": False,
        "error-codes": ["timeout-or-duplicate"],
    }
    recaptcha_response.return_value = expired_or_replayed_reply

    # An expired or replayed token is an invalid token, not a service error.
    with pytest.raises(InvalidRecaptchaTokenException):
        check_recaptcha_token_is_valid(fake_token, ORIGINAL_ACTION, 0.5)
def test_should_raise_exception_with_details(self, recaptcha_response):
    """All error codes from the verification reply end up in the exception message."""
    fake_token = generate_fake_token()
    multi_error_reply = {
        "success": False,
        "error-codes": ["first-error", "second-error"],
    }
    recaptcha_response.return_value = multi_error_reply

    with pytest.raises(ReCaptchaException) as raised:
        check_recaptcha_token_is_valid(fake_token, ORIGINAL_ACTION, 0.5)

    message = str(raised.value)
    assert message == "Encountered the following error(s): ['first-error', 'second-error']"
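def create_account(body: serializers.AccountRequest) -> None:
    """Create a native-app account from a validated request body.

    When ``settings.NATIVE_ACCOUNT_CREATION_REQUIRES_RECAPTCHA`` is set, the
    reCAPTCHA token is checked first and any ``ReCaptchaException`` is
    converted into an ``ApiErrors`` on the ``token`` field. If the email is
    already registered, a password-reset request is sent to the existing
    account instead of raising, so the caller sees the same outcome whether or
    not the email was already taken.

    Args:
        body: request body carrying the account fields and the reCAPTCHA token.

    Raises:
        ApiErrors: when the reCAPTCHA token is rejected.
    """
    if settings.NATIVE_ACCOUNT_CREATION_REQUIRES_RECAPTCHA:
        try:
            # NOTE(review): this reuses the password-reset minimal score;
            # confirm account creation is meant to share that threshold.
            check_recaptcha_token_is_valid(
                body.token, "submit", settings.RECAPTCHA_RESET_PASSWORD_MINIMAL_SCORE
            )
        except ReCaptchaException as recaptcha_error:
            # Error text is a plain negative (the previous "not invalid"
            # double negative said the opposite of what was meant); chaining
            # keeps the reCAPTCHA cause visible in tracebacks.
            raise ApiErrors({"token": "The given token is not valid"}) from recaptcha_error

    try:
        api.create_account(
            email=body.email,
            password=body.password,
            birthdate=body.birthdate,
            has_allowed_recommendations=body.has_allowed_recommendations,
            is_email_validated=False,
        )
    except UserAlreadyExistsException:
        # The email is taken: send the existing owner a reset request rather
        # than report the collision, keeping the response identical to the
        # success path.
        user = find_user_by_email(body.email)
        api.request_password_reset(user)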
def test_should_raise_when_action_is_not_matching_the_original_action(self, recaptcha_response):
    """A good score with a mismatched ``action`` is rejected and names both actions."""
    fake_token = generate_fake_token()
    wrong_action_reply = {
        "success": True,
        "score": 0.9,
        "action": "fake-action",
    }
    recaptcha_response.return_value = wrong_action_reply

    with pytest.raises(ReCaptchaException) as raised:
        check_recaptcha_token_is_valid(fake_token, ORIGINAL_ACTION, 0.5)

    message = str(raised.value)
    assert message == "The action 'fake-action' does not match 'submit' from the form"