def test_ForgotPasswordSchema_adds_user_to_appstruct(config, user_model):
request = csrf_request(config)
schema = schemas.ForgotPasswordSchema().bind(request=request)
user = user_model.get_by_email.return_value
appstruct = schema.deserialize({'email': '*****@*****.**'})
assert appstruct['user'] == user
def test_it_returns_user_when_valid(self, pyramid_csrf_request,
user_model):
schema = schemas.ForgotPasswordSchema().bind(
request=pyramid_csrf_request)
user = user_model.get_by_email.return_value
appstruct = schema.deserialize({'email': '*****@*****.**'})
assert appstruct['user'] == user
def test_ForgotPasswordSchema_invalid_with_no_user(config, user_model):
request = csrf_request(config)
schema = schemas.ForgotPasswordSchema().bind(request=request)
user_model.get_by_email.return_value = None
with pytest.raises(colander.Invalid) as exc:
schema.deserialize({'email': '*****@*****.**'})
assert 'email' in exc.value.asdict()
assert 'no user with the email address' in exc.value.asdict()['email']
def test_it_is_invalid_with_no_user(self, pyramid_csrf_request,
user_model):
schema = schemas.ForgotPasswordSchema().bind(
request=pyramid_csrf_request)
user_model.get_by_email.return_value = None
with pytest.raises(colander.Invalid) as exc:
schema.deserialize({'email': '*****@*****.**'})
assert 'email' in exc.value.asdict()
assert exc.value.asdict()['email'] == 'Unknown email address.'
def forgot_password(self):
"""
Handle submission of the forgot password form.
Validates that the email is one we know about, and then generates a new
activation for the associated user, and dispatches a "reset your
password" email which contains a token and/or link to the reset
password form.
"""
schema = schemas.ForgotPasswordSchema().bind(request=self.request)
form = deform.Form(schema)
# Nothing to do here for logged-in users
if self.request.authenticated_userid is not None:
return httpexceptions.HTTPFound(
location=self.forgot_password_redirect)
err, appstruct = validate_form(form, self.request.POST.items())
if err is not None:
return err
# If the validation passes, we assume the user exists.
#
# TODO: fix this latent race condition by returning a user object in
# the appstruct.
user = User.get_by_email(appstruct['email'])
# Create a new activation for this user. Any previous activation will
# get overwritten.
activation = Activation()
self.request.db.add(activation)
user.activation = activation
# Write the new activation to the database in order to set up the
# foreign key field and generate the code.
self.request.db.flush()
# Send the reset password email
code = user.activation.code
link = reset_password_link(self.request, code)
message = reset_password_email(user, code, link)
mailer = get_mailer(self.request)
mailer.send(message)
self.request.session.flash(
_("Please check your email to finish "
"resetting your password."), "success")
return httpexceptions.HTTPFound(location=self.reset_password_redirect)
def __init__(self, request):
self.request = request
self.schema = schemas.ForgotPasswordSchema().bind(request=self.request)
self.form = deform.Form(self.schema, buttons=(_('Request reset'), ))
