Exemplo n.º 1
0
    async def validate_and_save(self, context):
        data = context.get('data')
        db_session = context.get('db_session')
        save = context.get('save', True)

        is_new = await self.is_new()

        # USED
        used = data.get('used')
        if used is not None:
            self.used = used

        # TOKEN
        token = data.get('token')
        if token:
            self.token = token
        else:
            self.token = generate_token(20)

        # USER UID
        user_uid = data.get('user_uid')
        if user_uid:
            self.user_uid = user_uid
        else:
            if is_new:
                raise exceptions.InvalidRequestException('Missing user_uid')

        if save:
            db_session.save(self, safe=True)
Exemplo n.º 2
0
    def test_reset_password(self):
        response = self.client.post(url_for('auth.forget_password'),
                                    data=dict(email='*****@*****.**', ),
                                    follow_redirects=True)
        data = response.get_data(as_text=True)
        self.assertIn('Password reset email sent, check your inbox.', data)
        user = User.query.filter_by(email='*****@*****.**').first()
        self.assertTrue(user.validate_password('123'))

        token = generate_token(user=user, operation=Operations.RESET_PASSWORD)
        response = self.client.post(url_for('auth.reset_password',
                                            token=token),
                                    data=dict(email='*****@*****.**',
                                              password='******',
                                              password2='new-password'),
                                    follow_redirects=True)
        data = response.get_data(as_text=True)
        self.assertIn('Password updated.', data)
        self.assertTrue(user.validate_password('new-password'))
        self.assertFalse(user.validate_password('123'))

        # bad token
        response = self.client.post(url_for('auth.reset_password',
                                            token='bad token'),
                                    data=dict(email='*****@*****.**',
                                              password='******',
                                              password2='new-password'),
                                    follow_redirects=True)
        data = response.get_data(as_text=True)
        self.assertIn('Invalid or expired link.', data)
        self.assertNotIn('Password updated.', data)
Exemplo n.º 3
0
    async def validate_and_save(self, context):
        data = context.get('data')
        db_session = context.get('db_session')
        save = context.get('save', True)

        is_new = await self.is_new()

        # USED
        used = data.get('used')
        if used is not None:
            self.used = used

        # TOKEN
        token = data.get('token')
        if token:
            self.token = token
        else:
            self.token = generate_token(20)

        # USER UID
        user_uid = data.get('user_uid')
        if user_uid:
            self.user_uid = user_uid
        else:
            if is_new:
                raise exceptions.InvalidRequestException('Missing user_uid')

        if save:
            db_session.save(self, safe=True)
Exemplo n.º 4
0
def resend_confirm_email():
    if current_user.confirmed:
        return redirect(url_for('main.index'))

    token = generate_token(user=current_user, operation=Operations.CONFIRM)
    send_confirm_email(user=current_user, token=token)
    flash('New email sent, check your inbox.', 'info')
    return redirect(url_for('main.index'))
Exemplo n.º 5
0
def change_email_request():
    form = ChangeEmailForm()
    if form.validate_on_submit():
        token = generate_token(user=current_user, operation=Operations.CHANGE_EMAIL, new_email=form.email.data.lower())
        send_change_email_email(to=form.email.data, user=current_user, token=token)
        flash('Confirm email sent, check your inbox.', 'info')
        return redirect(url_for('.index', username=current_user.username))
    return render_template('user/settings/change_email.html', form=form)
Exemplo n.º 6
0
 def test_confirm_account(self):
     user = User.query.filter_by(email='*****@*****.**').first()
     self.assertFalse(user.confirmed)
     token = generate_token(user=user, operation='confirm')
     self.login(email='*****@*****.**', password='******')
     response = self.client.get(url_for('auth.confirm', token=token),
                                follow_redirects=True)
     data = response.get_data(as_text=True)
     self.assertIn('Account confirmed.', data)
     self.assertTrue(user.confirmed)
Exemplo n.º 7
0
def forget_password():
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))

    form = ForgetPasswordForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data.lower()).first()
        if user:
            token = generate_token(user=user,
                                   operation=Operations.RESET_PASSWORD)
            send_reset_password_email(user=user, token=token)
            flash('Password reset email sent, check your inbox.', 'info')
            return redirect(url_for('.login'))
        flash('Invalid email.', 'warning')
        return redirect(url_for('.forget_password'))
    return render_template('auth/reset_password.html', form=form)
Exemplo n.º 8
0
    def test_change_email(self):
        user = User.query.get(2)
        self.assertEqual(user.email, '*****@*****.**')
        token = generate_token(user=user,
                               operation=Operations.CHANGE_EMAIL,
                               new_email='*****@*****.**')

        self.login()
        response = self.client.get(url_for('user.change_email', token=token),
                                   follow_redirects=True)
        data = response.get_data(as_text=True)
        self.assertIn('Email updated.', data)
        self.assertEqual(user.email, '*****@*****.**')

        response = self.client.get(url_for('user.change_email', token='bad'),
                                   follow_redirects=True)
        data = response.get_data(as_text=True)
        self.assertIn('Invalid or expired token.', data)
Exemplo n.º 9
0
HERE = os.path.abspath(os.path.dirname(__file__))
ROOT = os.path.join(HERE, '..')
sys.path.append(ROOT)

from jobs.send_email import PySendPulse  # noqa
from server.utils import generate_token  # noqa
from server.settings import config  # noqa
from server.auth.user import User  # noqa

config.configure(False)
user = User()
user.name = ''  # CHANGEME
user.email = ''  # CHANGEME

# SEND EMAIL VALIDATION TOKEN
email_validation_token = generate_token(20)
user.email_validation_token = email_validation_token

# FORMAT EMAIL TEMPLATE
email = config.get('email_confirmation_email')
email['text'] = email['text'].format(
    email_validation_token=email_validation_token
)
email['html'] = email['html'].format(
    email_validation_token=email_validation_token
)
email['to'][0]['email'] = email['to'][0]['email'].format(
    user_email=user.email
)
email['to'][0]['name'] = email['to'][0]['name'].format(
    user_name=user.name
HERE = os.path.abspath(os.path.dirname(__file__))
ROOT = os.path.join(HERE, '..')
sys.path.append(ROOT)

from jobs.send_email import PySendPulse  # noqa
from server.utils import generate_token  # noqa
from server.settings import config  # noqa
from server.auth.user import User  # noqa

config.configure(False)
user = User()
user.name = ''  # CHANGEME
user.email = ''  # CHANGEME

# SEND EMAIL VALIDATION TOKEN
email_validation_token = generate_token(20)
user.email_validation_token = email_validation_token

# FORMAT EMAIL TEMPLATE
email = config.get('email_confirmation_email')
email['text'] = email['text'].format(
    email_validation_token=email_validation_token)
email['html'] = email['html'].format(
    email_validation_token=email_validation_token)
email['to'][0]['email'] = email['to'][0]['email'].format(user_email=user.email)
email['to'][0]['name'] = email['to'][0]['name'].format(user_name=user.name)

SPApiProxy = PySendPulse(config.get('REST_API_ID'),
                         config.get('REST_API_SECRET'))
SPApiProxy.smtp_send_mail(email)
Exemplo n.º 11
0
async def set_csrf_token_session(session):
    if session.new:
        session['csrf_token'] = generate_token(20)
Exemplo n.º 12
0
async def set_csrf_token_session(session):
    if session.new:
        session['csrf_token'] = generate_token(20)