コード例 #1
ファイル: auth.py プロジェクト: tmquang6805/flask-base-api
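def password_recovery():
    """Create a password-recovery token for a user and e-mail it to them.

    The request body must be a JSON object with a non-empty string ``email``
    (the login is assumed to be the e-mail address). A bcrypt hash of the
    token is assigned to ``user.token_hash``; the token itself is passed to
    the mailer.

    Returns:
        A dict with ``status`` and ``message`` keys on success.

    Raises:
        InvalidPayload: the body is missing, is not a JSON object, or has no
            usable ``email`` string.
        NotFoundException: no user matches the given e-mail.
    """
    post_data = request.get_json()
    # A JSON array, string or number is truthy but has no .get(); without the
    # isinstance check it would surface as an unhandled AttributeError.
    if not post_data or not isinstance(post_data, dict):
        raise InvalidPayload()
    email = post_data.get('email')
    if not email or not isinstance(email, str):
        raise InvalidPayload()

    # fetch the user data
    user = User.first_by(email=email)
    if not user:
        # NOTE(review): this answer differs from the success response, so the
        # endpoint tells an unauthenticated caller whether an address is
        # registered. Returning the same generic response in both cases (and
        # rate limiting the route) would close that account-enumeration
        # channel; kept as-is here because callers may rely on this exception.
        raise NotFoundException(
            message=
            'Login/email does not exist, please write a valid login/email')

    token = user.encode_password_token()
    with session_scope(db.session):
        # Only a bcrypt hash of the token is assigned here, not the token.
        # NOTE(review): bcrypt considers at most the first 72 bytes of its
        # input. If the token is longer than that (e.g. a JWT -- confirm),
        # check whether Flask-Bcrypt's BCRYPT_HANDLE_LONG_PASSWORDS is
        # enabled so the whole token is covered by the hash.
        user.token_hash = bcrypt.generate_password_hash(
            token, current_app.config.get('BCRYPT_LOG_ROUNDS')).decode()
    if not current_app.testing:
        # Imported lazily, only when a mail is actually going to be sent.
        from project.api.common.utils.mails import send_password_recovery_email
        send_password_recovery_email(user,
                                     token.decode())  # send recovery email
    return {
        'status': 'success',
        'message': 'Successfully sent email with password recovery.',
    }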
コード例 #2
 def test_add_user_inactive(self):
     """A deactivated account must get a 401 when it tries to POST /v1/users."""
     # NOTE(review): the e-mail and password literals in this listing look
     # masked; they are reproduced exactly as shown.
     add_user('test', '*****@*****.**', 'test')
     # Flip the freshly created account to inactive before calling the API.
     account = User.first_by(email='*****@*****.**')
     account.active = False
     db.session.commit()
     accept_json = ('Accept', 'application/json')
     with self.client:
         login_body = json.dumps({
             'email': '*****@*****.**',
             'password': '******',
         })
         resp_login = self.client.post(
             '/v1/auth/login',
             data=login_body,
             content_type='application/json',
             headers=[accept_json],
         )
         # The login response is expected to carry an auth_token even though
         # the account is inactive; it is replayed as a Bearer credential.
         bearer = 'Bearer ' + json.loads(resp_login.data.decode())['auth_token']
         create_body = json.dumps({
             'username': '******',
             'email': '*****@*****.**',
             'password': '******',
         })
         response = self.client.post(
             '/v1/users',
             data=create_body,
             content_type='application/json',
             headers=[accept_json,
                      (Constants.HttpHeaders.AUTHORIZATION, bearer)],
         )
         payload = json.loads(response.data.decode())
         self.assertEqual(payload['status'], 'error')
         self.assertEqual(payload['message'], 'Something went wrong. Please contact us.')
         self.assertEqual(response.status_code, 401)
コード例 #3
ファイル: auth.py プロジェクト: tmquang6805/flask-base-api
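def login_user():
    """Authenticate a user by e-mail and password and return an auth token.

    The request body must be a JSON object with a non-empty string
    ``password`` and, if present, a string ``email``. When both device
    headers are supplied on a successful login, the device is created or
    updated for that user.

    Returns:
        A dict with ``status``, ``message`` and ``auth_token`` keys.

    Raises:
        InvalidPayload: the body is missing, is not a JSON object, or the
            credentials are not strings.
        NotFoundException: no user matches, or the password is wrong.
    """
    # get post data
    post_data = request.get_json()
    # A JSON array, string or number is truthy but has no .get(); reject it
    # here instead of letting it surface as an unhandled AttributeError.
    if not post_data or not isinstance(post_data, dict):
        raise InvalidPayload()
    email = post_data.get('email')
    password = post_data.get('password')
    # A non-string password (number, list, object) would otherwise reach the
    # bcrypt check and fail there with an unhandled error.
    if not password or not isinstance(password, str):
        raise InvalidPayload()
    # A missing email still falls through to the lookup, as before; only a
    # present-but-non-string value is rejected.
    if email is not None and not isinstance(email, str):
        raise InvalidPayload()

    user = User.first_by(email=email)
    # NOTE(review): the bcrypt comparison only runs when a user was found, so
    # response time may differ between unknown and known addresses; comparing
    # against a dummy hash when no user exists would even that out.
    if not (user and bcrypt.check_password_hash(user.password, password)):
        # user is not logged in, set False to device.active
        # NOTE(review): this branch runs for unauthenticated requests, so any
        # caller who sends a device-id header together with bad credentials
        # clears the active flag of that device. Consider restricting this to
        # devices linked to the account being attempted, or dropping it.
        if Constants.HttpHeaders.DEVICE_ID in request.headers:
            device_id = request.headers.get(Constants.HttpHeaders.DEVICE_ID)
            device = Device.first_by(device_id=device_id)
            if device:
                with session_scope(db.session):
                    device.active = False
        # The same message is used for an unknown user and a wrong password.
        raise NotFoundException(message='User does not exist.')

    # NOTE(review): user.active is not checked here, so a deactivated account
    # still receives a token; confirm that every protected route rejects
    # tokens belonging to inactive users.
    # register device if needed
    if all(x in request.headers for x in [
            Constants.HttpHeaders.DEVICE_ID,
            Constants.HttpHeaders.DEVICE_TYPE
    ]):
        device_id = request.headers.get(Constants.HttpHeaders.DEVICE_ID)
        device_type = request.headers.get(
            Constants.HttpHeaders.DEVICE_TYPE)
        with session_scope(db.session):
            Device.create_or_update(device_id=device_id,
                                    device_type=device_type,
                                    user=user)
    auth_token = user.encode_auth_token()
    return {
        'status': 'success',
        'message': 'Successfully logged in.',
        'auth_token': auth_token.decode()
    }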