def validate_reset_code(token):
result = decode_public_private_token(token)
if not result:
return None
# Find the reset code.
try:
code = EmailConfirmation.get(
EmailConfirmation.code == result.public_code,
EmailConfirmation.pw_reset == True)
except EmailConfirmation.DoesNotExist:
return None
if result.private_token and not code.verification_code.matches(
result.private_token):
return None
# Make sure the code is not expired.
max_lifetime_duration = convert_to_timedelta(
config.app_config["USER_RECOVERY_TOKEN_LIFETIME"])
if code.created + max_lifetime_duration < datetime.now():
code.delete_instance()
return None
# Verify the user and return the code.
user = code.user
with db_transaction():
if not user.verified:
user.verified = True
user.save()
code.delete_instance()
return user
def confirm_user_email(token):
result = decode_public_private_token(token)
if not result:
raise DataModelException("Invalid email confirmation code")
try:
code = EmailConfirmation.get(
EmailConfirmation.code == result.public_code,
EmailConfirmation.email_confirm == True)
except EmailConfirmation.DoesNotExist:
raise DataModelException("Invalid email confirmation code")
if result.private_token and not code.verification_code.matches(
result.private_token):
raise DataModelException("Invalid email confirmation code")
user = code.user
user.verified = True
old_email = None
new_email = code.new_email
if new_email and new_email != old_email:
if find_user_by_email(new_email):
raise DataModelException("E-mail address already used")
old_email = user.email
user.email = new_email
with db_transaction():
user.save()
code.delete_instance()
return user, new_email, old_email
def confirm_user_email(token):
# TODO(remove-unenc): Remove allow_public_only once migrated.
allow_public_only = ActiveDataMigration.has_flag(ERTMigrationFlags.READ_OLD_FIELDS)
result = decode_public_private_token(token, allow_public_only=allow_public_only)
if not result:
raise DataModelException("Invalid email confirmation code")
try:
code = EmailConfirmation.get(
EmailConfirmation.code == result.public_code, EmailConfirmation.email_confirm == True
)
except EmailConfirmation.DoesNotExist:
raise DataModelException("Invalid email confirmation code")
if result.private_token and not code.verification_code.matches(result.private_token):
raise DataModelException("Invalid email confirmation code")
user = code.user
user.verified = True
old_email = None
new_email = code.new_email
if new_email and new_email != old_email:
if find_user_by_email(new_email):
raise DataModelException("E-mail address already used")
old_email = user.email
user.email = new_email
with db_transaction():
user.save()
code.delete_instance()
return user, new_email, old_email
def validate_reset_code(token):
# TODO(remove-unenc): Remove allow_public_only once migrated.
allow_public_only = ActiveDataMigration.has_flag(ERTMigrationFlags.READ_OLD_FIELDS)
result = decode_public_private_token(token, allow_public_only=allow_public_only)
if not result:
return None
# Find the reset code.
try:
code = EmailConfirmation.get(
EmailConfirmation.code == result.public_code, EmailConfirmation.pw_reset == True
)
except EmailConfirmation.DoesNotExist:
return None
if result.private_token and not code.verification_code.matches(result.private_token):
return None
# Make sure the code is not expired.
max_lifetime_duration = convert_to_timedelta(config.app_config["USER_RECOVERY_TOKEN_LIFETIME"])
if code.created + max_lifetime_duration < datetime.now():
code.delete_instance()
return None
# Verify the user and return the code.
user = code.user
with db_transaction():
if not user.verified:
user.verified = True
user.save()
code.delete_instance()
return user
def test_private_token():
public_code = "PUBLIC-CODE"
private_token = "PRIVATE-TOKEN"
encoded_token = encode_public_private_token(public_code, private_token)
assert isinstance(encoded_token, str)
decoded_token = decode_public_private_token(encoded_token)
assert isinstance(decoded_token, DecodedToken)
assert decoded_token.public_code == public_code
assert decoded_token.private_token == private_token
