async def validate_and_save(self, context):
    """Copy request fields from ``context['data']`` onto this object and save it.

    Reads ``data``, ``db_session`` and ``save`` (default ``True``) from
    *context*. ``used`` is applied only when present, ``token`` falls back to
    ``generate_token(20)``, and ``user_uid`` is mandatory for new objects.

    Raises:
        exceptions.InvalidRequestException: ``user_uid`` is missing or empty
            and ``await self.is_new()`` is truthy.
    """
    payload = context.get('data')
    session = context.get('db_session')
    should_persist = context.get('save', True)
    creating = await self.is_new()

    # USED: an explicit False must still be applied, hence the None check.
    flag = payload.get('used')
    if flag is not None:
        self.used = flag

    # TOKEN
    # NOTE(review): a token present in the request data is stored verbatim. If
    # `data` originates from a client, the client picks the token value and
    # can set `used` above; confirm both fields are meant to be caller-settable.
    # A missing or empty token always yields a fresh one, on updates as well,
    # so an update that omits `token` replaces the stored value.
    supplied_token = payload.get('token')
    self.token = supplied_token if supplied_token else generate_token(20)

    # USER UID: optional on update, required on creation.
    owner_uid = payload.get('user_uid')
    if owner_uid:
        self.user_uid = owner_uid
    elif creating:
        raise exceptions.InvalidRequestException('Missing user_uid')

    if should_persist:
        session.save(self, safe=True)
def test_reset_password(self):
    """Cover the forgot-password flow: request mail, reset with a valid token, reject a bad one."""
    # The address and password literals are masked in this listing and are
    # reproduced exactly as shown.
    address = '*****@*****.**'

    def page_text(resp):
        return resp.get_data(as_text=True)

    def submit_new_password(link_token):
        return self.client.post(
            url_for('auth.reset_password', token=link_token),
            data={
                'email': address,
                'password': '******',
                'password2': 'new-password',
            },
            follow_redirects=True,
        )

    # Step 1: asking for a reset reports that the mail went out.
    requested = self.client.post(
        url_for('auth.forget_password'),
        data={'email': address},
        follow_redirects=True,
    )
    self.assertIn('Password reset email sent, check your inbox.', page_text(requested))

    account = User.query.filter_by(email=address).first()
    self.assertTrue(account.validate_password('123'))

    # Step 2: a token minted for RESET_PASSWORD swaps the password.
    valid_token = generate_token(user=account, operation=Operations.RESET_PASSWORD)
    updated = submit_new_password(valid_token)
    self.assertIn('Password updated.', page_text(updated))
    self.assertTrue(account.validate_password('new-password'))
    self.assertFalse(account.validate_password('123'))

    # Step 3: bad token
    # NOTE(review): only a malformed token is exercised. Tokens minted for a
    # different operation or a different user, and replay of `valid_token`
    # after the reset, are not covered here.
    rejected_page = page_text(submit_new_password('bad token'))
    self.assertIn('Invalid or expired link.', rejected_page)
    self.assertNotIn('Password updated.', rejected_page)
def resend_confirm_email():
    """Mail a fresh confirmation token to the current user unless already confirmed.

    Both outcomes end with a redirect to ``main.index``.
    """
    # NOTE(review): route and login decorators are not visible in this listing;
    # this presumably runs only for authenticated users - confirm. Each call
    # mints a new token and sends a mail, and no throttling is visible here.
    if not current_user.confirmed:
        fresh_token = generate_token(user=current_user, operation=Operations.CONFIRM)
        send_confirm_email(user=current_user, token=fresh_token)
        flash('New email sent, check your inbox.', 'info')
    return redirect(url_for('main.index'))
def change_email_request():
    """Start an email change: mail a CHANGE_EMAIL token to the address entered in the form.

    Renders the change-email form until it validates, then redirects to the
    current user's ``.index`` page.
    """
    form = ChangeEmailForm()
    if not form.validate_on_submit():
        return render_template('user/settings/change_email.html', form=form)

    requested_address = form.email.data
    # The token binds the lower-cased address; the mail goes to the address
    # exactly as typed.
    # NOTE(review): nothing here re-checks the current password or notifies
    # the existing address. ChangeEmailForm is not shown, so confirm whether
    # it performs a re-authentication step.
    change_token = generate_token(
        user=current_user,
        operation=Operations.CHANGE_EMAIL,
        new_email=requested_address.lower(),
    )
    send_change_email_email(to=form.email.data, user=current_user, token=change_token)
    flash('Confirm email sent, check your inbox.', 'info')
    return redirect(url_for('.index', username=current_user.username))
def test_confirm_account(self):
    """Visiting the confirm link with a valid token while logged in confirms the account."""
    # The address and password literals are masked in this listing and are
    # reproduced exactly as shown.
    account = User.query.filter_by(email='*****@*****.**').first()
    self.assertFalse(account.confirmed)

    # NOTE(review): the operation is the literal 'confirm', whereas other
    # snippets in this listing pass Operations.<NAME> constants. The literal
    # matches only if Operations.CONFIRM == 'confirm' - confirm.
    confirm_token = generate_token(user=account, operation='confirm')

    self.login(email='*****@*****.**', password='******')
    confirm_url = url_for('auth.confirm', token=confirm_token)
    page = self.client.get(confirm_url, follow_redirects=True).get_data(as_text=True)

    self.assertIn('Account confirmed.', page)
    self.assertTrue(account.confirmed)
def forget_password():
    """Handle the forgot-password form and mail a RESET_PASSWORD token.

    Authenticated users are sent to ``main.index``. A valid submission for a
    known address mails a token and redirects to ``.login``; an unknown
    address flashes a warning and redirects back to this view.
    """
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))

    form = ForgetPasswordForm()
    if not form.validate_on_submit():
        return render_template('auth/reset_password.html', form=form)

    account = User.query.filter_by(email=form.email.data.lower()).first()
    if not account:
        # NOTE(review): this branch differs from the success branch in both
        # message and redirect target, so the form reveals which addresses
        # have accounts. Consider one neutral message and redirect for both
        # outcomes, plus throttling; no rate limit is visible in this view.
        flash('Invalid email.', 'warning')
        return redirect(url_for('.forget_password'))

    reset_token = generate_token(user=account, operation=Operations.RESET_PASSWORD)
    send_reset_password_email(user=account, token=reset_token)
    flash('Password reset email sent, check your inbox.', 'info')
    return redirect(url_for('.login'))
def test_change_email(self):
    """A valid CHANGE_EMAIL token updates the address; a bogus token is rejected."""
    # The address literals are masked in this listing, so the "before" and
    # "after" values look identical; they are reproduced exactly as shown.
    account = User.query.get(2)
    self.assertEqual(account.email, '*****@*****.**')

    valid_token = generate_token(
        user=account,
        operation=Operations.CHANGE_EMAIL,
        new_email='*****@*****.**',
    )
    self.login()

    def visit(link_token):
        target = url_for('user.change_email', token=link_token)
        return self.client.get(target, follow_redirects=True).get_data(as_text=True)

    self.assertIn('Email updated.', visit(valid_token))
    self.assertEqual(account.email, '*****@*****.**')

    # NOTE(review): only a malformed token is checked. A token minted for
    # another user or another operation is not exercised here.
    self.assertIn('Invalid or expired token.', visit('bad'))
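# One-off script: fill the email-confirmation template for a hand-entered user.
HERE = os.path.abspath(os.path.dirname(__file__))
ROOT = os.path.join(HERE, '..')
# Presumably added so the `jobs` and `server` packages import from the repo root.
sys.path.append(ROOT)

from jobs.send_email import PySendPulse  # noqa
from server.utils import generate_token  # noqa
from server.settings import config  # noqa
from server.auth.user import User  # noqa

config.configure(False)

user = User()
user.name = ''  # CHANGEME
user.email = ''  # CHANGEME

# SEND EMAIL VALIDATION TOKEN
# NOTE(review): the token is set on an in-memory User only; nothing in the
# lines shown saves `user`, so the mailed token can be checked later only if
# the matching record is updated elsewhere - confirm. generate_token is not
# shown; confirm it draws from a CSPRNG (e.g. the `secrets` module).
email_validation_token = generate_token(20)
user.email_validation_token = email_validation_token

# FORMAT EMAIL TEMPLATE
# The dict returned by config.get() is modified in place.
email = config.get('email_confirmation_email')
email['text'] = email['text'].format(
    email_validation_token=email_validation_token
)
email['html'] = email['html'].format(
    email_validation_token=email_validation_token
)
email['to'][0]['email'] = email['to'][0]['email'].format(
    user_email=user.email
)
# The listing is cut off inside this call; only the closing parenthesis is
# restored so the statement parses.
email['to'][0]['name'] = email['to'][0]['name'].format(
    user_name=user.name
)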
# One-off script: mail an email-confirmation token to a hand-entered user
# through SendPulse.
HERE = os.path.abspath(os.path.dirname(__file__))
ROOT = os.path.join(HERE, '..')
# Presumably added so the `jobs` and `server` packages import from the repo root.
sys.path.append(ROOT)

from jobs.send_email import PySendPulse  # noqa
from server.utils import generate_token  # noqa
from server.settings import config  # noqa
from server.auth.user import User  # noqa

config.configure(False)

user = User()
user.name = ''  # CHANGEME
user.email = ''  # CHANGEME

# SEND EMAIL VALIDATION TOKEN
# NOTE(review): the token lives on an in-memory User only; nothing in this
# script saves `user`, so the mailed token can be checked later only if the
# matching record is updated elsewhere - confirm. generate_token is not shown;
# confirm it draws from a CSPRNG (e.g. the `secrets` module).
email_validation_token = generate_token(20)
user.email_validation_token = email_validation_token

# FORMAT EMAIL TEMPLATE
# The dict returned by config.get() is modified in place.
email = config.get('email_confirmation_email')
for part in ('text', 'html'):
    email[part] = email[part].format(
        email_validation_token=email_validation_token)

recipient = email['to'][0]
recipient['email'] = recipient['email'].format(user_email=user.email)
recipient['name'] = recipient['name'].format(user_name=user.name)

# API credentials are read from config rather than written into the script.
api_id = config.get('REST_API_ID')
api_secret = config.get('REST_API_SECRET')
SPApiProxy = PySendPulse(api_id, api_secret)
SPApiProxy.smtp_send_mail(email)
async def set_csrf_token_session(session):
    """Store a freshly generated ``csrf_token`` in *session* when ``session.new`` is truthy.

    Sessions that are not new are left untouched.
    """
    if not session.new:
        # NOTE(review): an existing session without a 'csrf_token' key stays
        # without one, and the token is not rotated here (for example after
        # login) - confirm that is handled elsewhere.
        return
    session['csrf_token'] = generate_token(20)