def password_recovery():
    """Issue a password-recovery token for the account whose login is the posted e-mail.

    Expects a JSON body with an ``email`` key (logins are e-mail addresses). A
    fresh token is generated for the user, only its bcrypt hash is persisted on
    ``user.token_hash``, and the clear-text token is delivered by e-mail (the
    send is skipped when ``current_app.testing`` is set).

    Returns:
        A ``status``/``message`` dict describing success.

    Raises:
        InvalidPayload: no JSON body, or no ``email`` key in it.
        NotFoundException: no user has that e-mail.

    NOTE(review): answering unknown e-mails with a distinct 404 lets a caller
    enumerate registered accounts. A constant success response would avoid that,
    but callers currently rely on the exception, so the behaviour is kept here.
    """
    payload = request.get_json()
    if not payload:
        raise InvalidPayload()
    login_email = payload.get('email')
    if not login_email:
        raise InvalidPayload()

    account = User.first_by(email=login_email)
    if not account:
        raise NotFoundException(
            message='Login/email does not exist, please write a valid login/email')

    recovery_token = account.encode_password_token()
    # Persist only the hash: reading the DB must not be enough to reset a password.
    with session_scope(db.session):
        account.token_hash = bcrypt.generate_password_hash(
            recovery_token,
            current_app.config.get('BCRYPT_LOG_ROUNDS')).decode()
    if not current_app.testing:
        from project.api.common.utils.mails import send_password_recovery_email
        # assumes encode_password_token() returns bytes — .decode() fails on str; confirm
        send_password_recovery_email(account, recovery_token.decode())
    return {
        'status': 'success',
        'message': 'Successfully sent email with password recovery.',
    }
def test_add_user_inactive(self):
    """A token issued to a deactivated user must not authorise ``POST /v1/users``.

    Creates a user, flips ``active`` to False directly in the DB, logs in as that
    user (this relies on the login endpoint still handing out a token for an
    inactive account) and then creates a user with that token, expecting a 401
    and the generic error message.
    """
    add_user('test', '*****@*****.**', 'test')
    # Deactivate straight in the DB so the endpoints under test see the flag.
    inactive = User.first_by(email='*****@*****.**')
    inactive.active = False
    db.session.commit()

    json_headers = [('Accept', 'application/json')]
    with self.client:
        login_resp = self.client.post(
            '/v1/auth/login',
            data=json.dumps(dict(email='*****@*****.**', password='******')),
            content_type='application/json',
            headers=json_headers,
        )
        token = json.loads(login_resp.data.decode())['auth_token']
        create_resp = self.client.post(
            '/v1/users',
            data=json.dumps(dict(
                username='******',
                email='*****@*****.**',
                password='******',
            )),
            content_type='application/json',
            headers=json_headers + [
                (Constants.HttpHeaders.AUTHORIZATION, 'Bearer ' + token),
            ],
        )
        body = json.loads(create_resp.data.decode())
        self.assertEqual(body['status'], 'error')
        self.assertEqual(body['message'], 'Something went wrong. Please contact us.')
        self.assertEqual(create_resp.status_code, 401)
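def login_user():
    """Authenticate an e-mail/password pair and return a bearer auth token.

    Expects a JSON body with ``email`` and ``password``. On success, when both the
    ``DEVICE_ID`` and ``DEVICE_TYPE`` headers are present the device is created or
    refreshed for the user, and a token from ``user.encode_auth_token()`` is
    returned. On failure the device named by ``DEVICE_ID`` (if any) is marked
    inactive and the same generic error is raised for an unknown e-mail and for a
    wrong password.

    Returns:
        ``{'status', 'message', 'auth_token'}`` dict.

    Raises:
        InvalidPayload: no JSON body, or no ``password`` key in it.
        NotFoundException: unknown e-mail or wrong password.
    """
    post_data = request.get_json()
    if not post_data:
        raise InvalidPayload()
    email = post_data.get('email')
    password = post_data.get('password')
    if not password:
        raise InvalidPayload()
    # NOTE(review): a missing ``email`` falls through to the lookup below instead
    # of raising InvalidPayload as password_recovery() does — confirm intended.

    user = User.first_by(email=email)
    if not user:
        # Burn a bcrypt computation for unknown e-mails as well: the error message
        # is already identical for both failure cases, but skipping the hash check
        # made a missing account answer measurably faster, which leaks whether the
        # address is registered. The result is deliberately discarded.
        bcrypt.generate_password_hash(password)
        authenticated = False
    else:
        authenticated = bcrypt.check_password_hash(user.password, password)

    if not authenticated:
        # NOTE(review): this write is reachable without any credential — anyone who
        # knows a device_id can flip it inactive by sending a bad password with that
        # header. Consider requiring the device to belong to the looked-up user.
        if Constants.HttpHeaders.DEVICE_ID in request.headers:
            device_id = request.headers.get(Constants.HttpHeaders.DEVICE_ID)
            device = Device.first_by(device_id=device_id)
            if device:
                with session_scope(db.session):
                    device.active = False
        # Same message for unknown e-mail and wrong password (no enumeration by text).
        raise NotFoundException(message='User does not exist.')

    # NOTE(review): ``user.active`` is not checked here, so a deactivated account
    # still receives a token; downstream endpoints must enforce the flag — confirm.
    device_headers = (Constants.HttpHeaders.DEVICE_ID,
                      Constants.HttpHeaders.DEVICE_TYPE)
    if all(name in request.headers for name in device_headers):
        device_id = request.headers.get(Constants.HttpHeaders.DEVICE_ID)
        device_type = request.headers.get(Constants.HttpHeaders.DEVICE_TYPE)
        with session_scope(db.session):
            Device.create_or_update(device_id=device_id,
                                    device_type=device_type,
                                    user=user)

    auth_token = user.encode_auth_token()
    return {
        'status': 'success',
        'message': 'Successfully logged in.',
        'auth_token': auth_token.decode()
    }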