def sendReset(username):
    """Create a password-reset code for ``username`` and e-mail it to the account.

    The account is looked up with ``model.user.get_nonrobot_user``. When the
    lookup returns nothing, a notice is printed and no code is created.
    """
    account = model.user.get_nonrobot_user(username)
    if account:
        # The code is created and mailed inside the application context.
        with app.app_context():
            reset_code = model.user.create_reset_password_email_code(account.email)
            send_recovery_email(account.email, reset_code)
            # Operator feedback: this writes the account's address to stdout.
            print("Email sent to %s" % (account.email))
    else:
        print("No user found")
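def post(self):
    """Request a password recovery email.

    Reads the JSON request body, verifies the reCAPTCHA response when
    ``features.RECAPTCHA`` is enabled, and then handles the ``email`` field:

    * no matching user -- answers ``{"status": "sent"}`` without sending mail;
    * organization account -- mails the organization's admin users and answers
      with status ``"org"``, the submitted address and a redacted name;
    * otherwise -- creates a reset code, mails it and answers
      ``{"status": "sent"}``.

    Returns:
        The response dict, or a ``(dict, 400)`` tuple when the captcha check
        fails.
    """

    def redact(value):
        """Mask the middle of ``value`` with bullets, keeping the edge characters."""
        # Floor division keeps the threshold an integer. With true division
        # (Python 3 "/") the threshold is fractional whenever the length is
        # not a multiple of three, and the comparison below then keeps one
        # extra leading character, showing more of the name than intended.
        threshold = max((len(value) // 3) - 1, 1)
        # NOTE(review): a value of one or two characters comes back unmasked,
        # because the threshold is never below 1.
        return "".join(
            char if i < threshold or i >= len(value) - threshold else "\u2022"
            for i, char in enumerate(value)
        )

    # NOTE(review): assumes the body was already validated as a JSON object
    # with an "email" key; that validation is not visible here -- confirm.
    recovery_data = request.get_json()

    # If recaptcha is enabled, then verify the user is a human.
    if features.RECAPTCHA:
        recaptcha_response = recovery_data.get("recaptcha_response", "")
        result = recaptcha2.verify(
            app.config["RECAPTCHA_SECRET_KEY"], recaptcha_response, get_request_ip()
        )
        if not result["success"]:
            return {
                "message": "Are you a bot? If not, please revalidate the captcha."
            }, 400

    email = recovery_data["email"]
    user = model.user.find_user_by_email(email)
    if not user:
        # Same body as the success path below, so the response body does not
        # show whether the address is registered. Keep the two in sync.
        return {
            "status": "sent",
        }

    if user.organization:
        # Organizations are recovered through their admin users. Unlike the
        # branches above and below, this response does tell the caller that
        # the address belongs to an organization, which is why the name is
        # redacted before it is returned.
        send_org_recovery_email(user, model.organization.get_admin_users(user))
        return {
            "status": "org",
            "orgemail": email,
            "orgname": redact(user.username),
        }

    confirmation_code = model.user.create_reset_password_email_code(email)
    send_recovery_email(email, confirmation_code)
    return {
        "status": "sent",
    }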
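def post(self):
    """Request a password recovery email.

    Verifies the reCAPTCHA response when ``features.RECAPTCHA`` is enabled,
    then looks up the submitted ``email``. An unknown address and a normal
    account both answer ``{'status': 'sent'}``; an organization account
    answers with status ``'org'`` after its admin users have been mailed.

    Returns:
        The response dict, or a ``(dict, 400)`` tuple when the captcha check
        fails.
    """

    def redact(value):
        """Return ``value`` with its middle replaced by bullet characters."""
        size = len(value)
        # "//" makes the integer division explicit, so the number of visible
        # characters is the same under Python 2 and Python 3. With "/" on
        # Python 3 the threshold turns fractional and one extra leading
        # character is shown for lengths that are not a multiple of three.
        threshold = max((size // 3) - 1, 1)
        if size <= 2 * threshold:
            # NOTE(review): only values of one or two characters reach this
            # branch (the threshold is never below 1); they are returned
            # without any masking.
            return value

        hidden = u'\u2022' * (size - 2 * threshold)
        return value[:threshold] + hidden + value[size - threshold:]

    # NOTE(review): assumes the body was already validated as a JSON object
    # with an 'email' key; that validation is not visible here -- confirm.
    recovery_data = request.get_json()

    # If recaptcha is enabled, then verify the user is a human.
    if features.RECAPTCHA:
        recaptcha_response = recovery_data.get('recaptcha_response', '')
        result = recaptcha2.verify(app.config['RECAPTCHA_SECRET_KEY'], recaptcha_response,
                                   get_request_ip())
        if not result['success']:
            return {
                'message': 'Are you a bot? If not, please revalidate the captcha.'
            }, 400

    email = recovery_data['email']
    user = model.user.find_user_by_email(email)
    if not user:
        # Deliberately the same body as a successful send: the response body
        # must not show whether the address is registered.
        return {
            'status': 'sent',
        }

    if user.organization:
        # This branch is distinguishable from the other two: the caller
        # learns the address belongs to an organization, so only a redacted
        # form of the name goes back.
        send_org_recovery_email(user, model.organization.get_admin_users(user))
        return {
            'status': 'org',
            'orgemail': email,
            'orgname': redact(user.username),
        }

    confirmation_code = model.user.create_reset_password_email_code(email)
    send_recovery_email(email, confirmation_code)
    return {
        'status': 'sent',
    }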
def post(self, username):
    """Send a password recovery e-mail to ``username`` on a superuser's request.

    Raises:
        InvalidRequest: when ``AUTHENTICATION_TYPE`` is not ``"Database"``, or
            when ``username`` is itself a superuser.
        Unauthorized: when ``SuperUserPermission().can()`` is false.
        NotFound: when no non-robot user matches ``username``.

    Returns:
        ``{"email": <address the recovery mail was sent to>}``.
    """
    # Ensure that we are using database auth.
    # NOTE(review): this check runs before the permission check, so on a
    # non-database deployment a caller without superuser permission gets
    # InvalidRequest rather than Unauthorized.
    if app.config["AUTHENTICATION_TYPE"] != "Database":
        raise InvalidRequest("Cannot send a recovery e-mail for non-database auth")

    if not SuperUserPermission().can():
        raise Unauthorized()

    target = pre_oci_model.get_nonrobot_user(username)
    if target is None:
        raise NotFound()

    # Recovery for superuser accounts is refused on this endpoint.
    if superusers.is_superuser(username):
        raise InvalidRequest("Cannot send a recovery email for a superuser")

    reset_code = pre_oci_model.create_reset_password_email_code(target.email)
    send_recovery_email(target.email, reset_code)
    return {"email": target.email}
def test_send_recovery_email(mock_send_email, initialized_db):
    """Check that send_recovery_email hands the expected arguments to the mailer mock."""
    email = "*****@*****.**"
    token = "fake_token"

    send_recovery_email(email, token)

    # Expected call: recipient, subject, template name, template parameters.
    # The action is matched loosely with mock.ANY.
    # TODO: assert GmailAction.view() is called
    mock_send_email.assert_called_once_with(
        email,
        "Account recovery",
        "recovery",
        {"email": email, "token": token},
        action=mock.ANY,
    )