def test_get_email_token(self): email = '*****@*****.**' salt = 'salt' secret = 'secret' token = utils.get_email_token(email, salt, secret) self.assertEquals('ImFAYS5jb20i', token[0:12]) decoded = utils.get_email_from_token(token, salt, secret) self.assertEquals(email, decoded) time.sleep(2) with self.assertRaises(Exception) as context: decoded = utils.get_email_from_token(token, salt, secret, max_age=1) self.assertTrue('Signature age 2 > 1 seconds' in context.exception)
def api_verify_email(): """ @TODO: add counter/log to track failed attempts :rtype: Response :return the success or failed in json format """ if 'POST' == request.method: token = utils.clean_str(request.form.get('tok')) else: token = utils.clean_str(request.args.get('tok')) if not token: return utils.jsonify_error({'message': 'No token specified.'}) try: email = utils.get_email_from_token(token, app.config["SECRET_KEY"], app.config["SECRET_KEY"]) except Exception as exc: # @TODO: add dedicated log type app.logger.error("api_verify_email: {}".format(exc.message)) return utils.jsonify_error({'message': exc.message}) app.logger.debug("Decoded email from token: {}".format(email)) user = UserEntity.query.filter_by(email=email).first() if user is None: app.logger.error("Attempt to verify email with incorrect token: {}" .format(token)) return utils.jsonify_error({'message': 'Sorry.'}) user = UserEntity.update(user, email_confirmed_at=datetime.today()) app.logger.debug("Verified token {} for user {}".format(token, user.email)) # @TODO: add dedicated log type LogEntity.account_modified(session['uuid'], "Verified token {} for user {}".format( token, user.email)) return utils.jsonify_success( {"message": "Email was verified for {}.".format(email)})