Esempio n. 1
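def post_for_password_token(body: ResetPasswordBodyModel) -> None:
    """Start a password reset for the account matching ``body.email``.

    The reCAPTCHA token is checked first, against the "resetPassword" action
    and ``settings.RECAPTCHA_RESET_PASSWORD_MINIMAL_SCORE``; whatever that
    check raises propagates to the caller. For an active user a reset token
    is generated and saved, then the reset e-mail is sent with the
    beneficiary sender or the pro sender depending on ``user.isBeneficiary``.

    Unknown or inactive accounts return silently, and a mail-service failure
    is logged rather than raised, so none of these cases changes what the
    function returns.
    """
    check_recaptcha_token_is_valid(
        body.token, "resetPassword",
        settings.RECAPTCHA_RESET_PASSWORD_MINIMAL_SCORE)
    user = find_user_by_email(body.email)

    if not user or not user.isActive:
        # Here we also return a 204, so the response does not tell an attacker
        # which e-mail addresses exist in the database.
        # NOTE(review): this path skips the token write and the mail call, so
        # its response time may still differ from the success path - confirm
        # whether that needs evening out.
        return

    generate_reset_token(user)
    repository.save(user)

    # Beneficiaries and pro users get different e-mails; the tag keeps the
    # log line naming the sender that failed.
    if user.isBeneficiary:
        send_email = send_reset_password_email_to_user
        log_tag = "send_reset_password_email_to_user"
    else:
        send_email = send_reset_password_email_to_pro
        log_tag = "send_reset_password_email_to_pro"

    try:
        send_email(user, send_raw_email)
    except MailServiceException:
        # logger.exception() already attaches the active exception and its
        # traceback. Passing the exception as an extra argument to a message
        # without a placeholder made the logging call itself fail to format,
        # so the failure record was lost.
        app.logger.exception("[%s] Mail service failure", log_tag)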
Esempio n. 2
    def test_should_raise_when_score_is_too_low(self, recaptcha_response):
        """A successful verification scoring 0.2 is rejected when 0.5 is required."""
        # Given: the stubbed verification succeeds, but with a score under
        # the 0.5 minimum passed to the check below
        fake_token = generate_fake_token()
        low_score_payload = dict(success=True, score=0.2)
        recaptcha_response.return_value = low_score_payload

        # When / Then: the check must refuse the token
        with pytest.raises(InvalidRecaptchaTokenException):
            check_recaptcha_token_is_valid(fake_token, ORIGINAL_ACTION, 0.5)
Esempio n. 3
def verify_id_check_licence_token(
    body: serialization_beneficiaries.VerifyIdCheckLicenceRequest,
) -> serialization_beneficiaries.VerifyIdCheckLicenceResponse:
    """Accept ``body.token`` as an id-check token or, failing that, as a reCAPTCHA token.

    The token is first looked up with ``users_repo.get_id_check_token``. When
    that lookup returns nothing truthy, the same value is validated as a
    reCAPTCHA token for the "submit" action against
    ``settings.RECAPTCHA_LICENCE_MINIMAL_SCORE``; any exception from that
    check propagates. Both accepted paths return the same empty response.
    """
    id_check_token = users_repo.get_id_check_token(body.token)
    if not id_check_token:
        # Not a known id-check token: fall back to the legacy webapp tokens,
        # which are validated through reCAPTCHA.
        check_recaptcha_token_is_valid(
            body.token,
            "submit",
            settings.RECAPTCHA_LICENCE_MINIMAL_SCORE,
        )

    return serialization_beneficiaries.VerifyIdCheckLicenceResponse()
Esempio n. 4
    def test_should_raise_exception_for_any_other_error_code(
            self, recaptcha_response, error_code):
        """A failed verification reporting ``error_code`` raises ReCaptchaException."""
        # Given: the stubbed verification fails and reports only the
        # supplied error code
        fake_token = generate_fake_token()
        failed_payload = {"success": False}
        failed_payload["error-codes"] = [error_code]
        recaptcha_response.return_value = failed_payload

        # When / Then
        with pytest.raises(ReCaptchaException):
            check_recaptcha_token_is_valid(fake_token, ORIGINAL_ACTION, 0.5)
Esempio n. 5
    def test_should_raise_when_token_is_too_old_or_already_used(
            self, recaptcha_response):
        """The "timeout-or-duplicate" error code is reported as an invalid token."""
        # Given: the stubbed verification fails with the code this test
        # associates with an expired or replayed token
        fake_token = generate_fake_token()
        reported_errors = ["timeout-or-duplicate"]
        recaptcha_response.return_value = {
            "success": False,
            "error-codes": reported_errors,
        }

        # When / Then
        with pytest.raises(InvalidRecaptchaTokenException):
            check_recaptcha_token_is_valid(fake_token, ORIGINAL_ACTION, 0.5)
Esempio n. 6
    def test_should_raise_exception_with_details(self, recaptcha_response):
        """The raised ReCaptchaException lists every reported error code."""
        # Given: the stubbed verification fails with two error codes
        fake_token = generate_fake_token()
        failed_payload = {"success": False}
        failed_payload["error-codes"] = ["first-error", "second-error"]
        recaptcha_response.return_value = failed_payload

        # When
        with pytest.raises(ReCaptchaException) as raised:
            check_recaptcha_token_is_valid(fake_token, ORIGINAL_ACTION, 0.5)

        # Then: both codes appear in the message, in the order reported
        expected_message = "Encountered the following error(s): ['first-error', 'second-error']"
        assert str(raised.value) == expected_message
Esempio n. 7
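def create_account(body: serializers.AccountRequest) -> None:
    """Create an account from ``body``, or start a password reset if one exists.

    When ``settings.NATIVE_ACCOUNT_CREATION_REQUIRES_RECAPTCHA`` is set, the
    reCAPTCHA token is validated for the "submit" action before anything
    else, and a ``ReCaptchaException`` is turned into ``ApiErrors`` on the
    ``token`` field.

    If the e-mail already belongs to a user, no error is raised: a password
    reset is requested for that user and the function returns ``None`` exactly
    as it does after a successful creation, so the result does not reveal
    whether the address was already registered.

    Raises:
        ApiErrors: the reCAPTCHA check raised ``ReCaptchaException``.
    """
    if settings.NATIVE_ACCOUNT_CREATION_REQUIRES_RECAPTCHA:
        try:
            # NOTE(review): account creation reuses the reset-password score
            # threshold - confirm this is intended rather than a dedicated
            # setting.
            check_recaptcha_token_is_valid(body.token, "submit", settings.RECAPTCHA_RESET_PASSWORD_MINIMAL_SCORE)
        # NOTE(review): only ReCaptchaException is translated here; confirm
        # that InvalidRecaptchaTokenException derives from it, otherwise a
        # rejected token escapes as an unhandled error.
        except ReCaptchaException as recaptcha_error:
            # The message used to read "is not invalid", a double negative
            # that told the client the opposite of what happened.
            raise ApiErrors({"token": "The given token is not valid"}) from recaptcha_error
    try:
        api.create_account(
            email=body.email,
            password=body.password,
            birthdate=body.birthdate,
            has_allowed_recommendations=body.has_allowed_recommendations,
            is_email_validated=False,
        )
    except UserAlreadyExistsException:
        # Existing address: answer like a fresh sign-up and let the account
        # owner recover access through the password-reset flow instead.
        user = find_user_by_email(body.email)
        api.request_password_reset(user)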
Esempio n. 8
    def test_should_raise_when_action_is_not_matching_the_original_action(
            self, recaptcha_response):
        """A passing score is not enough when the reported action differs."""
        # Given: the stubbed verification succeeds with a high score but
        # names an action other than the one the check is called with
        fake_token = generate_fake_token()
        mismatched_payload = dict(success=True, score=0.9, action="fake-action")
        recaptcha_response.return_value = mismatched_payload

        # When
        with pytest.raises(ReCaptchaException) as raised:
            check_recaptcha_token_is_valid(fake_token, ORIGINAL_ACTION, 0.5)

        # Then: the message names both the reported and the expected action
        # (presumably ORIGINAL_ACTION is "submit" - confirm in the test module)
        expected_message = "The action 'fake-action' does not match 'submit' from the form"
        assert str(raised.value) == expected_message