Пример #1
0
def test_auth_activate_wrong_code(flask_client):
    r = flask_client.post(
        url_for("api.auth_register"),
        json={
            "email": "*****@*****.**",
            "password": "******"
        },
    )

    assert r.status_code == 200
    assert r.json["msg"]

    # get the activation code
    act_code = AccountActivation.get(1)
    assert act_code
    assert len(act_code.code) == 6
    assert act_code.tries == 3

    # make sure to create a wrong code
    wrong_code = act_code.code + "123"

    r = flask_client.post(
        url_for("api.auth_activate"),
        json={
            "email": "*****@*****.**",
            "code": wrong_code
        },
    )
    assert r.status_code == 400

    # make sure the nb tries decrements
    act_code = AccountActivation.get(1)
    assert act_code.tries == 2
Пример #2
0
def auth_activate():
    """
    User enters the activation code to confirm their account.
    Input:
        email
        code
    Output:
        200: user account is now activated, user can login now
        400: wrong email, code
        410: wrong code too many times

    """
    data = request.get_json()
    if not data:
        return jsonify(error="request body cannot be empty"), 400

    email = sanitize_email(data.get("email"))
    code = data.get("code")

    user = User.get_by(email=email)

    # do not use a different message to avoid exposing existing email
    if not user or user.activated:
        # Trigger rate limiter
        g.deduct_limit = True
        return jsonify(error="Wrong email or code"), 400

    account_activation = AccountActivation.get_by(user_id=user.id)
    if not account_activation:
        # Trigger rate limiter
        g.deduct_limit = True
        return jsonify(error="Wrong email or code"), 400

    if account_activation.code != code:
        # decrement nb tries
        account_activation.tries -= 1
        db.session.commit()
        # Trigger rate limiter
        g.deduct_limit = True

        if account_activation.tries == 0:
            AccountActivation.delete(account_activation.id)
            db.session.commit()
            return jsonify(error="Too many wrong tries"), 410

        return jsonify(error="Wrong email or code"), 400

    LOG.debug("activate user %s", user)
    user.activated = True
    AccountActivation.delete(account_activation.id)
    db.session.commit()

    return jsonify(msg="Account is activated, user can login now"), 200
Пример #3
0
def test_auth_activate_success(flask_client):
    r = flask_client.post(
        url_for("api.auth_register"),
        json={
            "email": "*****@*****.**",
            "password": "******"
        },
    )

    assert r.status_code == 200
    assert r.json["msg"]

    # get the activation code
    act_code = AccountActivation.get(1)
    assert act_code
    assert len(act_code.code) == 6

    r = flask_client.post(
        url_for("api.auth_activate"),
        json={
            "email": "*****@*****.**",
            "code": act_code.code
        },
    )
    assert r.status_code == 200
Пример #4
0
def test_auth_register_success(flask_client):
    assert AccountActivation.get(1) is None

    r = flask_client.post(url_for("api.auth_register"),
                          json={
                              "email": "[email protected]",
                              "password": "******"
                          })

    assert r.status_code == 200
    assert r.json["msg"]

    # make sure an activation code is created
    act_code = AccountActivation.get(1)
    assert act_code
    assert len(act_code.code) == 6
    assert act_code.tries == 3
Пример #5
0
def auth_register():
    """
    User signs up - will need to activate their account with an activation code.
    Input:
        email
        password
    Output:
        200: user needs to confirm their account

    """
    data = request.get_json()
    if not data:
        return jsonify(error="request body cannot be empty"), 400

    email = sanitize_email(data.get("email"))
    password = data.get("password")

    if DISABLE_REGISTRATION:
        return jsonify(error="registration is closed"), 400
    if not email_can_be_used_as_mailbox(email) or personal_email_already_used(
            email):
        return jsonify(error=f"cannot use {email} as personal inbox"), 400

    if not password or len(password) < 8:
        return jsonify(error="password too short"), 400

    if len(password) > 100:
        return jsonify(error="password too long"), 400

    LOG.d("create user %s", email)
    user = User.create(email=email, name="", password=password)
    Session.flush()

    # create activation code
    code = "".join([str(random.randint(0, 9)) for _ in range(6)])
    AccountActivation.create(user_id=user.id, code=code)
    Session.commit()

    send_email(
        email,
        "Just one more step to join SimpleLogin",
        render("transactional/code-activation.txt.jinja2", code=code),
        render("transactional/code-activation.html", code=code),
    )

    return jsonify(msg="User needs to confirm their account"), 200
Пример #6
0
def test_auth_reactivate_success(flask_client):
    User.create(email="*****@*****.**", password="******", name="Test User")
    db.session.commit()

    r = flask_client.post(url_for("api.auth_reactivate"),
                          json={"email": "*****@*****.**"})
    assert r.status_code == 200

    # make sure an activation code is created
    act_code = AccountActivation.get(1)
    assert act_code
    assert len(act_code.code) == 6
    assert act_code.tries == 3
Пример #7
0
def auth_reactivate():
    """
    User asks for another activation code
    Input:
        email
    Output:
        200: user is going to receive an email for activate their account

    """
    data = request.get_json()
    if not data:
        return jsonify(error="request body cannot be empty"), 400

    email = sanitize_email(data.get("email"))
    user = User.get_by(email=email)

    # do not use a different message to avoid exposing existing email
    if not user or user.activated:
        return jsonify(error="Something went wrong"), 400

    account_activation = AccountActivation.get_by(user_id=user.id)
    if account_activation:
        AccountActivation.delete(account_activation.id)
        db.session.commit()

    # create activation code
    code = "".join([str(random.randint(0, 9)) for _ in range(6)])
    AccountActivation.create(user_id=user.id, code=code)
    db.session.commit()

    send_email(
        email,
        "Just one more step to join SimpleLogin",
        render("transactional/code-activation.txt", code=code),
        render("transactional/code-activation.html", code=code),
    )

    return jsonify(msg="User needs to confirm their account"), 200
Пример #8
0
def test_auth_activate_too_many_wrong_code(flask_client):
    r = flask_client.post(url_for("api.auth_register"),
                          json={
                              "email": "[email protected]",
                              "password": "******"
                          })

    assert r.status_code == 200
    assert r.json["msg"]

    # get the activation code
    act_code = AccountActivation.get(1)
    assert act_code
    assert len(act_code.code) == 6
    assert act_code.tries == 3

    # make sure to create a wrong code
    wrong_code = act_code.code + "123"

    for _ in range(2):
        r = flask_client.post(url_for("api.auth_activate"),
                              json={
                                  "email": "[email protected]",
                                  "code": wrong_code
                              })
        assert r.status_code == 400

    # the activation code is deleted
    r = flask_client.post(url_for("api.auth_activate"),
                          json={
                              "email": "[email protected]",
                              "code": wrong_code
                          })

    assert r.status_code == 410

    # make sure the nb tries decrements
    assert AccountActivation.get(1) is None