def forgot_password(): try: data = get_request_data( request, required_params=["email", "resetURL"], ) except (ValueError, TypeError) as e: return handle_error( message="%s: %s" % (request.url, str(e)), logger=logger, status_code=422, ) token = uuid.uuid4().hex mailgun_response = send_reset_link( email=data["email"], token=token, url=data["resetURL"], ) if mailgun_response.status_code != 200: return make_response( '''There was an error sending your reset link, please email [email protected] with this error: %s''' % mailgun_response.text, mailgun_response.status_code) db = DatabaseService() db.save_reset_token( email=data["email"], token=token, ) return make_response("OK", 200)
def test_reset_password_returns_200(self): email = "*****@*****.**" token = "testtoken" db = DatabaseService() db.save_reset_token(email=email, token=token) data = json.dumps({ "token": token, "password": "******", "passwordCheck": "testpass2", }) result = self.app.post("/api/v1/reset-password", data=data) self.assertEqual(result.status_code, 200)
def test_reset_password_updates_password(self): email = "*****@*****.**" token = "testtoken" password1 = "testpassword1" password2 = "testpassword2" db = DatabaseService() db.save_user(email=email, password=password1) db.save_reset_token(email=email, token=token) data = json.dumps({ "token": token, "password": password2, "passwordCheck": password2, }) self.app.post("/api/v1/reset-password", data=data) result = db.authenticate_user(email=email, password=password2) self.assertIsNotNone(result)
def test_user_can_login_with_new_password_after_reset_password(self): email = "*****@*****.**" token = "testtoken" password1 = "testpassword1" password2 = "testpassword2" db = DatabaseService() db.save_user(email=email, password=password1) db.save_reset_token(email=email, token=token) data = json.dumps({ "token": token, "password": password2, "passwordCheck": password2, }) self.app.post("/api/v1/reset-password", data=data) login_data = json.dumps({"email": email, "password": password2}) result = self.app.post("/api/v1/login", data=login_data) self.assertEqual(result.status_code, 200)
class TestDatabaseService(BaseTest): def setUp(self): super(TestDatabaseService, self).setUp() self.db = DatabaseService() def tearDown(self): super(TestDatabaseService, self).tearDown() def test_database_service_can_connect(self): self.assertIsNotNone(self.db) def test_database_service_can_save_user(self): email = '*****@*****.**' password = '******' self.db.save_user( email=email, password=password, ) query = "SELECT COUNT(*) FROM users" curr = self.conn.cursor() curr.execute(query) results = curr.fetchall() self.assertEqual(1, results[0][0]) curr.close() def test_database_service_saves_user_with_correct_email(self): email = '*****@*****.**' password = '******' self.db.save_user( email=email, password=password, ) query = "SELECT email FROM users" curr = self.conn.cursor() curr.execute(query) results = curr.fetchall() self.assertEqual(email, results[0][0]) curr.close() def test_database_service_saves_email_as_lowercase(self): email = '*****@*****.**' lowercaseEmail = '*****@*****.**' password = '******' self.db.save_user( email=email, password=password, ) query = "SELECT email FROM users" curr = self.conn.cursor() curr.execute(query) results = curr.fetchall() self.assertEqual(lowercaseEmail, results[0][0]) curr.close() def test_database_service_saves_hashed_password(self): email = '*****@*****.**' password = '******' self.db.save_user( email=email, password=password, ) query = "SELECT password FROM users" curr = self.conn.cursor() curr.execute(query) results = curr.fetchall() self.assertNotEqual(password, results[0][0]) curr.close() def test_database_services_saves_correct_password(self): email = '*****@*****.**' password = '******' self.db.save_user( email=email, password=password, ) query = "SELECT password FROM users" curr = self.conn.cursor() curr.execute(query) results = curr.fetchall() self.assertTrue(check_password_hash(results[0][0], password)) curr.close() def test_database_service_saves_first_and_last_name(self): email = '*****@*****.**' password = '******' firstName = 'First' lastName = 'Last' self.db.save_user( email=email, password=password, firstName=firstName, lastName=lastName, ) query = "SELECT first_name, last_name FROM users" curr = self.conn.cursor() curr.execute(query) results = curr.fetchall() self.assertEqual(firstName, results[0][0]) self.assertEqual(lastName, results[0][1]) curr.close() def test_database_service_handles_default_values_for_first_and_last_name( self): email = '*****@*****.**' password = '******' self.db.save_user( email=email, password=password, ) query = "SELECT first_name, last_name FROM users" curr = self.conn.cursor() curr.execute(query) results = curr.fetchall() self.assertEqual(None, results[0][0]) self.assertEqual(None, results[0][1]) curr.close() def test_database_service_can_authorize_valid_user_credentials(self): email = '*****@*****.**' password = '******' self.db.save_user( email=email, password=password, ) result = self.db.authenticate_user(email=email, password=password) self.assertIsNotNone(result) def test_database_service_returns_user_type_after_authorizing(self): email = '*****@*****.**' password = '******' userType = 'testtype' self.db.save_user( email=email, password=password, userType=userType, ) result = self.db.authenticate_user(email=email, password=password) self.assertEqual(userType, result) def test_database_service_handles_nonexistent_user(self): email = '*****@*****.**' password = '******' result = self.db.authenticate_user(email=email, password=password) self.assertEqual(result, None) def test_database_service_creates_user_with_correct_user_type(self): email = '*****@*****.**' password = '******' userType = 'testtype' self.db.save_user( email=email, password=password, userType=userType, ) query = "SELECT user_type FROM users" curr = self.conn.cursor() curr.execute(query) results = curr.fetchall() self.assertEqual(userType, results[0][0]) curr.close() def test_database_service_can_return_user_data(self): email = '*****@*****.**' password = '******' userType = 'testtype' self.db.save_user( email=email, password=password, userType=userType, ) user = self.db.get_user(email=email) self.assertIsNotNone(user) def test_database_service_returns_correct_user_data_on_get_user(self): email = '*****@*****.**' password = '******' userType = 'testtype' firstName = 'First' lastName = 'Last' self.db.save_user( email=email, password=password, userType=userType, firstName=firstName, lastName=lastName, ) user = self.db.get_user(email=email) self.assertEqual(user['email'], email) self.assertEqual(user['firstName'], firstName) self.assertEqual(user['lastName'], lastName) self.assertEqual(user['userType'], userType) def test_database_service_can_save_reset_token(self): self.db.save_reset_token( email='*****@*****.**', token='thisisatesttoken', ) query = "SELECT * FROM reset_tokens" curr = self.conn.cursor() curr.execute(query) results = curr.fetchall() curr.close() self.assertIsNotNone(results[0]) def test_database_service_can_validate_saved_reset_token(self): email = '*****@*****.**' token = 'testtoken' curr = self.conn.cursor() data = (email, token) query = "INSERT INTO reset_tokens (email, token) VALUES (%s, %s)" curr.execute(query, data) self.conn.commit() user_email = self.db.validate_reset_token(token=token) self.assertIsNotNone(user_email) def test_database_service_can_update_password(self): email = '*****@*****.**' password1 = 'testpass1' password2 = 'testpass2' self.db.save_user(email=email, password=password1) query = "SELECT password FROM users" curr = self.conn.cursor() curr.execute(query) results = curr.fetchall() curr.close() first_password = results[0][0] self.db.update_password(email=email, password=password2) query = "SELECT password FROM users" curr = self.conn.cursor() curr.execute(query) results = curr.fetchall() curr.close() second_password = results[0][0] self.assertNotEqual(first_password, second_password)