def request_password_reset(request, _form_class=RequestPasswordResetForm):
if request.authenticated_userid is not None:
return HTTPSeeOther(request.route_path("index"))
user_service = request.find_service(IUserService, context=None)
form = _form_class(request.POST, user_service=user_service)
if request.method == "POST" and form.validate():
user = user_service.get_user_by_username(form.username_or_email.data)
email = None
if user is None:
user = user_service.get_user_by_email(form.username_or_email.data)
email = first(user.emails,
key=lambda e: e.email == form.username_or_email.data)
send_password_reset_email(request, (user, email))
user_service.record_event(
user.id,
tag="account:password:reset:request",
ip_address=request.remote_addr,
)
token_service = request.find_service(ITokenService, name="password")
n_hours = token_service.max_age // 60 // 60
return {"n_hours": n_hours}
return {"form": form}
def request_password_reset(request, _form_class=RequestPasswordResetForm):
if request.authenticated_userid is not None:
return HTTPSeeOther(request.route_path("index"))
user_service = request.find_service(IUserService, context=None)
form = _form_class(request.POST, user_service=user_service)
if request.method == "POST" and form.validate():
user = user_service.get_user_by_username(form.username_or_email.data)
email = None
if user is None:
user = user_service.get_user_by_email(form.username_or_email.data)
email = first(
user.emails, key=lambda e: e.email == form.username_or_email.data
)
if not user_service.ratelimiters["password.reset"].test(user.id):
raise TooManyPasswordResetRequests(
resets_in=user_service.ratelimiters["password.reset"].resets_in(user.id)
)
if user.can_reset_password:
send_password_reset_email(request, (user, email))
user_service.record_event(
user.id,
tag="account:password:reset:request",
ip_address=request.remote_addr,
)
user_service.ratelimiters["password.reset"].hit(user.id)
token_service = request.find_service(ITokenService, name="password")
n_hours = token_service.max_age // 60 // 60
return {"n_hours": n_hours}
else:
user_service.record_event(
user.id,
tag="account:password:reset:attempt",
ip_address=request.remote_addr,
)
request.session.flash(
request._(
(
"Automated password reset prohibited for your user. "
"Contact a PyPI administrator for assistance"
),
),
queue="error",
)
return HTTPSeeOther(request.route_path("accounts.request-password-reset"))
return {"form": form}
def test_send_password_reset_email(self, pyramid_request, pyramid_config,
token_service, monkeypatch):
stub_user = pretend.stub(
id="id",
email="*****@*****.**",
username="******",
name="name_value",
last_login="******",
password_date="password_date",
)
pyramid_request.method = "POST"
token_service.dumps = pretend.call_recorder(lambda a: "TOKEN")
pyramid_request.find_service = pretend.call_recorder(
lambda *a, **kw: token_service)
subject_renderer = pyramid_config.testing_add_renderer(
"email/password-reset.subject.txt")
subject_renderer.string_response = "Email Subject"
body_renderer = pyramid_config.testing_add_renderer(
"email/password-reset.body.txt")
body_renderer.string_response = "Email Body"
send_email = pretend.stub(
delay=pretend.call_recorder(lambda *args, **kwargs: None))
pyramid_request.task = pretend.call_recorder(
lambda *args, **kwargs: send_email)
monkeypatch.setattr(email, "send_email", send_email)
result = email.send_password_reset_email(pyramid_request,
user=stub_user)
assert result == {
"token": "TOKEN",
"username": stub_user.username,
"n_hours": token_service.max_age // 60 // 60,
}
subject_renderer.assert_()
body_renderer.assert_(token="TOKEN", username=stub_user.username)
assert token_service.dumps.calls == [
pretend.call({
"action": "password-reset",
"user.id": str(stub_user.id),
"user.last_login": str(stub_user.last_login),
"user.password_date": str(stub_user.password_date),
})
]
assert pyramid_request.find_service.calls == [
pretend.call(ITokenService, name="password")
]
assert pyramid_request.task.calls == [pretend.call(send_email)]
assert send_email.delay.calls == [
pretend.call(
"Email Subject",
"Email Body",
recipient="name_value <" + stub_user.email + ">",
)
]
def request_password_reset(request, _form_class=RequestPasswordResetForm):
if request.authenticated_userid is not None:
return HTTPSeeOther(request.route_path("index"))
user_service = request.find_service(IUserService, context=None)
form = _form_class(request.POST, user_service=user_service)
if request.method == "POST" and form.validate():
user = user_service.get_user_by_username(form.username_or_email.data)
if user is None:
user = user_service.get_user_by_email(form.username_or_email.data)
send_password_reset_email(request, user)
token_service = request.find_service(ITokenService, name="password")
n_hours = token_service.max_age // 60 // 60
return {"n_hours": n_hours}
return {"form": form}
def request_password_reset(request, _form_class=RequestPasswordResetForm):
if request.authenticated_userid is not None:
return HTTPSeeOther(request.route_path('index'))
user_service = request.find_service(IUserService, context=None)
form = _form_class(request.POST, user_service=user_service)
if request.method == "POST" and form.validate():
user = user_service.get_user_by_username(form.username_or_email.data)
if user is None:
user = user_service.get_user_by_email(form.username_or_email.data)
send_password_reset_email(request, user)
token_service = request.find_service(ITokenService, name='password')
n_hours = token_service.max_age // 60 // 60
return {"n_hours": n_hours}
return {"form": form}
def test_send_password_reset_email(self, pyramid_request, pyramid_config,
token_service, monkeypatch):
stub_user = pretend.stub(
id='id',
email='email',
username='******',
last_login='******',
password_date='password_date',
)
pyramid_request.method = 'POST'
token_service.dumps = pretend.call_recorder(lambda a: 'TOKEN')
pyramid_request.find_service = pretend.call_recorder(
lambda *a, **kw: token_service)
subject_renderer = pyramid_config.testing_add_renderer(
'email/password-reset.subject.txt')
subject_renderer.string_response = 'Email Subject'
body_renderer = pyramid_config.testing_add_renderer(
'email/password-reset.body.txt')
body_renderer.string_response = 'Email Body'
send_email = pretend.stub(
delay=pretend.call_recorder(lambda *args, **kwargs: None))
pyramid_request.task = pretend.call_recorder(
lambda *args, **kwargs: send_email)
monkeypatch.setattr(email, 'send_email', send_email)
result = email.send_password_reset_email(
pyramid_request,
user=stub_user,
)
assert result == {
'token': 'TOKEN',
'username': stub_user.username,
'n_hours': token_service.max_age // 60 // 60,
}
subject_renderer.assert_()
body_renderer.assert_(token='TOKEN', username=stub_user.username)
assert token_service.dumps.calls == [
pretend.call({
'action': 'password-reset',
'user.id': str(stub_user.id),
'user.last_login': str(stub_user.last_login),
'user.password_date': str(stub_user.password_date),
}),
]
assert pyramid_request.find_service.calls == [
pretend.call(ITokenService, name='password'),
]
assert pyramid_request.task.calls == [
pretend.call(send_email),
]
assert send_email.delay.calls == [
pretend.call('Email Body', [stub_user.email], 'Email Subject'),
]
def request_password_reset(request, _form_class=RequestPasswordResetForm):
user_service = request.find_service(IUserService, context=None)
form = _form_class(request.POST, user_service=user_service)
if request.method == "POST" and form.validate():
user = user_service.get_user_by_username(form.username.data)
fields = send_password_reset_email(request, user)
return {'n_hours': fields['n_hours']}
return {"form": form}
def test_send_password_reset_email(
self, pyramid_request, pyramid_config, token_service, monkeypatch):
stub_user = pretend.stub(
id='id',
email='email',
username='******',
last_login='******',
password_date='password_date',
)
pyramid_request.method = 'POST'
token_service.dumps = pretend.call_recorder(lambda a: 'TOKEN')
pyramid_request.find_service = pretend.call_recorder(
lambda *a, **kw: token_service
)
subject_renderer = pyramid_config.testing_add_renderer(
'email/password-reset.subject.txt'
)
subject_renderer.string_response = 'Email Subject'
body_renderer = pyramid_config.testing_add_renderer(
'email/password-reset.body.txt'
)
body_renderer.string_response = 'Email Body'
send_email = pretend.stub(
delay=pretend.call_recorder(lambda *args, **kwargs: None)
)
pyramid_request.task = pretend.call_recorder(
lambda *args, **kwargs: send_email
)
monkeypatch.setattr(email, 'send_email', send_email)
result = email.send_password_reset_email(
pyramid_request,
user=stub_user,
)
assert result == {
'token': 'TOKEN',
'username': stub_user.username,
'n_hours': token_service.max_age // 60 // 60,
}
subject_renderer.assert_()
body_renderer.assert_(token='TOKEN', username=stub_user.username)
assert token_service.dumps.calls == [
pretend.call({
'action': 'password-reset',
'user.id': str(stub_user.id),
'user.last_login': str(stub_user.last_login),
'user.password_date': str(stub_user.password_date),
}),
]
assert pyramid_request.find_service.calls == [
pretend.call(ITokenService, name='password'),
]
assert pyramid_request.task.calls == [
pretend.call(send_email),
]
assert send_email.delay.calls == [
pretend.call(
'Email Body',
'Email Subject',
recipients=[stub_user.email],
),
]
def test_send_password_reset_email(
self,
verified,
email_addr,
pyramid_request,
pyramid_config,
token_service,
monkeypatch,
):
stub_user = pretend.stub(
id="id",
email="*****@*****.**",
primary_email=pretend.stub(email="*****@*****.**",
verified=verified),
username="******",
name="name_value",
last_login="******",
password_date="password_date",
)
if email_addr is None:
stub_email = None
else:
stub_email = pretend.stub(email=email_addr, verified=verified)
pyramid_request.method = "POST"
token_service.dumps = pretend.call_recorder(lambda a: "TOKEN")
pyramid_request.find_service = pretend.call_recorder(
lambda *a, **kw: token_service)
subject_renderer = pyramid_config.testing_add_renderer(
"email/password-reset/subject.txt")
subject_renderer.string_response = "Email Subject"
body_renderer = pyramid_config.testing_add_renderer(
"email/password-reset/body.txt")
body_renderer.string_response = "Email Body"
html_renderer = pyramid_config.testing_add_renderer(
"email/password-reset/body.html")
html_renderer.string_response = "Email HTML Body"
send_email = pretend.stub(
delay=pretend.call_recorder(lambda *args, **kwargs: None))
pyramid_request.task = pretend.call_recorder(
lambda *args, **kwargs: send_email)
monkeypatch.setattr(email, "send_email", send_email)
result = email.send_password_reset_email(pyramid_request,
(stub_user, stub_email))
assert result == {
"token": "TOKEN",
"username": stub_user.username,
"n_hours": token_service.max_age // 60 // 60,
}
subject_renderer.assert_()
body_renderer.assert_(token="TOKEN", username=stub_user.username)
html_renderer.assert_(token="TOKEN", username=stub_user.username)
assert token_service.dumps.calls == [
pretend.call({
"action": "password-reset",
"user.id": str(stub_user.id),
"user.last_login": str(stub_user.last_login),
"user.password_date": str(stub_user.password_date),
})
]
assert pyramid_request.find_service.calls == [
pretend.call(ITokenService, name="password")
]
assert pyramid_request.task.calls == [pretend.call(send_email)]
assert send_email.delay.calls == [
pretend.call(
"name_value <" +
(stub_user.email if email_addr is None else email_addr) + ">",
attr.asdict(
EmailMessage(
subject="Email Subject",
body_text="Email Body",
body_html=(
"<html>\n<head></head>\n"
"<body><p>Email HTML Body</p></body>\n</html>\n"),
)),
)
]
def test_send_password_reset_email(
self,
verified,
email_addr,
pyramid_request,
pyramid_config,
token_service,
monkeypatch,
):
stub_user = pretend.stub(
id="id",
email="*****@*****.**",
primary_email=pretend.stub(email="*****@*****.**", verified=verified),
username="******",
name="name_value",
last_login="******",
password_date="password_date",
)
if email_addr is None:
stub_email = None
else:
stub_email = pretend.stub(email=email_addr, verified=verified)
pyramid_request.method = "POST"
token_service.dumps = pretend.call_recorder(lambda a: "TOKEN")
pyramid_request.find_service = pretend.call_recorder(
lambda *a, **kw: token_service
)
subject_renderer = pyramid_config.testing_add_renderer(
"email/password-reset/subject.txt"
)
subject_renderer.string_response = "Email Subject"
body_renderer = pyramid_config.testing_add_renderer(
"email/password-reset/body.txt"
)
body_renderer.string_response = "Email Body"
html_renderer = pyramid_config.testing_add_renderer(
"email/password-reset/body.html"
)
html_renderer.string_response = "Email HTML Body"
send_email = pretend.stub(
delay=pretend.call_recorder(lambda *args, **kwargs: None)
)
pyramid_request.task = pretend.call_recorder(lambda *args, **kwargs: send_email)
monkeypatch.setattr(email, "send_email", send_email)
result = email.send_password_reset_email(
pyramid_request, (stub_user, stub_email)
)
assert result == {
"token": "TOKEN",
"username": stub_user.username,
"n_hours": token_service.max_age // 60 // 60,
}
subject_renderer.assert_()
body_renderer.assert_(token="TOKEN", username=stub_user.username)
html_renderer.assert_(token="TOKEN", username=stub_user.username)
assert token_service.dumps.calls == [
pretend.call(
{
"action": "password-reset",
"user.id": str(stub_user.id),
"user.last_login": str(stub_user.last_login),
"user.password_date": str(stub_user.password_date),
}
)
]
assert pyramid_request.find_service.calls == [
pretend.call(ITokenService, name="password")
]
assert pyramid_request.task.calls == [pretend.call(send_email)]
assert send_email.delay.calls == [
pretend.call(
"name_value <"
+ (stub_user.email if email_addr is None else email_addr)
+ ">",
attr.asdict(
EmailMessage(
subject="Email Subject",
body_text="Email Body",
body_html=(
"<html>\n<head></head>\n"
"<body><p>Email HTML Body</p></body>\n</html>\n"
),
)
),
)
]
