def _recover_password(self, address):
"""Email a recovery token for the user."""
_log.info("Recover password for %s", address)
if not _email_throttler.is_allowed():
_log.warn("Throttling to avoid being blacklisted")
raise HTTPErrorEx(
httplib.SERVICE_UNAVAILABLE,
"Request throttled",
headers={"Retry-After",
str(_email_throttler.interval_sec)})
db_sess = self.db_session()
try:
token = users.get_token(db_sess, address)
except ValueError:
# To avoid revealing who subscribes to our service to
# third parties, this must behave identically to the case
# where the email is recognised.
db_sess.rollback()
_log.info("Silently ignoring unrecognised email")
else:
db_sess.commit()
user = users.get_details(db_sess, address)
urlbase = self.request.protocol + "://" + self.request.host + \
settings.EMAIL_RECOVERY_PATH
mail.send_recovery_message(urlbase, user["email"],
user["full_name"], token)
self.send_success(httplib.OK)
def test_mainline(self, smtp):
address = "*****@*****.**"
full_name = "Robert Your Uncle"
token = "deadbeef01&2"
server = MagicMock()
smtp.return_value = server
self._message = None
def dosave(x, y, z):
self._message = z
server.sendmail.side_effect = dosave
urlbase = "https://www.example.com/forgotpassword?"
mail.send_recovery_message(urlbase, address, full_name, token)
smtp.assert_called_once_with(host = "smtp.example.com",
port = 25,
timeout = 10)
server.starttls.assert_called_once_with()
server.login.assert_called_once_with("anonymous", "password")
server.sendmail.assert_called_once_with("*****@*****.**", "*****@*****.**", ANY)
server.quit.assert_called_once_with()
self.assertIn("please click on the link", self._message)
self.assertIn("https://www.example.com/forgotpassword?email=bob%40example.com&token=deadbeef01%262", self._message)
self.assertIn("https://www.example.com/forgotpassword?email=bob%40example.com&token=deadbeef01%262", self._message)
self.assertTrue(self._message.startswith("From: "), msg=">>" + self._message + "<<")
def _recover_password(self, address):
"""Email a recovery token for the user."""
_log.info("Recover password for %s", address)
if not _email_throttler.is_allowed():
_log.warn("Throttling to avoid being blacklisted")
raise HTTPErrorEx(httplib.SERVICE_UNAVAILABLE, "Request throttled", headers={"Retry-After", str(_email_throttler.interval_sec)})
db_sess = self.db_session()
try:
token = users.get_token(db_sess, address)
db_sess.commit()
except ValueError:
# To avoid revealing who subscribes to our service to
# third parties, this must behave identically to the case
# where the email is recognised.
_log.info("Silently ignoring unrecognised email")
else:
user = users.get_details(db_sess, address)
urlbase = self.request.protocol + "://" + self.request.host + \
settings.EMAIL_RECOVERY_PATH
mail.send_recovery_message(urlbase, user["email"], user["full_name"], token)
self.send_success(httplib.OK)
