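def _recover_password(self, address):
    """Email a recovery token for the user.

    The HTTP response is the same whether or not ``address`` belongs to a
    known user, so the endpoint does not confirm who has an account.

    Args:
        address: Email address submitted with the recovery request.

    Raises:
        HTTPErrorEx: 503 carrying a ``Retry-After`` header when the
            outgoing-email throttle refuses the request.
    """
    _log.info("Recover password for %s", address)

    if not _email_throttler.is_allowed():
        _log.warning("Throttling to avoid being blacklisted")
        # A mapping, not a set: the header name must be paired with its
        # value for the client to receive a usable Retry-After.
        raise HTTPErrorEx(
            httplib.SERVICE_UNAVAILABLE, "Request throttled",
            headers={"Retry-After": str(_email_throttler.interval_sec)})

    db_sess = self.db_session()
    try:
        token = users.get_token(db_sess, address)
    except ValueError:
        # To avoid revealing who subscribes to our service to
        # third parties, this must behave identically to the case
        # where the email is recognised.
        db_sess.rollback()
        _log.info("Silently ignoring unrecognised email")
    else:
        db_sess.commit()
        user = users.get_details(db_sess, address)
        # NOTE(review): protocol and host are read from the incoming
        # request, so the emailed link follows whatever Host header the
        # client supplied. Unless a proxy or the framework pins the host
        # upstream, build the link from a configured canonical base URL
        # instead. Confirm.
        urlbase = (self.request.protocol + "://" + self.request.host +
                   settings.EMAIL_RECOVERY_PATH)
        # NOTE(review): only this branch does the extra lookup and the
        # mail send inline, so response latency may still distinguish
        # known from unknown addresses. Consider sending out of band.
        mail.send_recovery_message(urlbase, user["email"],
                                   user["full_name"], token)

    self.send_success(httplib.OK)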
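def test_mainline(self, smtp):
    """Check the recovery email goes out over SMTP with an encoded link.

    ``smtp`` is a mock standing in for the SMTP client constructor
    (presumably injected by a patch decorator outside this block).
    """
    # NOTE(review): the address literals appear masked on this page; the
    # expected link below implies the fixture is bob@example.com. Confirm
    # against the repository before running.
    address = "*****@*****.**"
    full_name = "Robert Your Uncle"
    # The "&" checks that the token is percent-encoded rather than pasted
    # raw into the query string, where it would split off a new parameter.
    token = "deadbeef01&2"

    server = MagicMock()
    smtp.return_value = server

    # Capture the message text (third sendmail argument) for inspection.
    self._message = None

    def dosave(x, y, z):
        self._message = z

    server.sendmail.side_effect = dosave

    urlbase = "https://www.example.com/forgotpassword?"
    mail.send_recovery_message(urlbase, address, full_name, token)

    smtp.assert_called_once_with(host="smtp.example.com", port=25,
                                 timeout=10)
    server.starttls.assert_called_once_with()
    server.login.assert_called_once_with("anonymous", "password")
    server.sendmail.assert_called_once_with("*****@*****.**", "*****@*****.**", ANY)
    server.quit.assert_called_once_with()

    # The per-method assertions above say nothing about ordering. The
    # credentials and the token-bearing message must only be sent after
    # STARTTLS has been requested on the connection.
    call_order = [recorded[0] for recorded in server.method_calls]
    self.assertLess(call_order.index("starttls"), call_order.index("login"))
    self.assertLess(call_order.index("starttls"),
                    call_order.index("sendmail"))

    self.assertIn("please click on the link", self._message)
    self.assertIn("https://www.example.com/forgotpassword?email=bob%40example.com&token=deadbeef01%262", self._message)
    # NOTE(review): identical to the assertion above as shown here. If the
    # message has separate text and HTML parts, assert on each part
    # explicitly rather than repeating the same substring check.
    self.assertIn("https://www.example.com/forgotpassword?email=bob%40example.com&token=deadbeef01%262", self._message)
    self.assertTrue(self._message.startswith("From: "), msg=">>" + self._message + "<<")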
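def _recover_password(self, address):
    """Email a recovery token for the user.

    Replies with the same success response for recognised and
    unrecognised addresses, so the reply does not disclose account
    membership.

    Args:
        address: Email address submitted with the recovery request.

    Raises:
        HTTPErrorEx: 503 with a ``Retry-After`` header when the email
            throttle is not currently allowing sends.
    """
    _log.info("Recover password for %s", address)

    if not _email_throttler.is_allowed():
        _log.warning("Throttling to avoid being blacklisted")
        # Pass the header as name -> value; a set literal here would drop
        # the association between "Retry-After" and the interval.
        raise HTTPErrorEx(httplib.SERVICE_UNAVAILABLE, "Request throttled",
                          headers={"Retry-After":
                                   str(_email_throttler.interval_sec)})

    db_sess = self.db_session()
    try:
        # Keep only the lookup inside the try, so a ValueError raised by
        # anything else is not mistaken for "unknown email".
        token = users.get_token(db_sess, address)
    except ValueError:
        # To avoid revealing who subscribes to our service to
        # third parties, this must behave identically to the case
        # where the email is recognised.
        # Discard whatever the failed lookup left pending on the session.
        db_sess.rollback()
        _log.info("Silently ignoring unrecognised email")
    else:
        db_sess.commit()
        user = users.get_details(db_sess, address)
        # NOTE(review): the link base is assembled from request.protocol
        # and request.host, both of which come from the client's request.
        # If nothing upstream validates the Host header, the emailed link
        # can point at a host the service does not control. Prefer a
        # configured canonical base URL. Confirm.
        urlbase = (self.request.protocol + "://" + self.request.host +
                   settings.EMAIL_RECOVERY_PATH)
        mail.send_recovery_message(urlbase, user["email"],
                                   user["full_name"], token)

    self.send_success(httplib.OK)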