def POST(self):
# Reads the email in the HTTP request parameters
email = web.input(email=None).email
# Check if the user exists and is active
user = User.get_user(email)
if user is None or not user.active:
raise http.Forbidden("Utilisateur inconnu")
# Checks if there is already an active password token matching this email
current_password_token = PasswordToken.get_password_token(email)
if current_password_token is not None:
formatted_creation_dt = formatting.format_date(dates.change_timezone(current_password_token.creation_dt), "%d/%m/%y %H:%M")
raise http.Forbidden(u"Demande similaire déjà effectuée le %s" % formatted_creation_dt)
# Creates a new password token valid for 2 days
password_token = PasswordToken(validity=2, user=user, token=PasswordToken.generate_random_token(16))
config.orm.add(password_token)
# Registers an email notification
http.register_hook(lambda: notify_via_email(password_token, Events.NEW))
return u"Instructions en cours d'envoi à %s" % email
def POST(self):
# Reads the email in the HTTP request parameters
email = web.input(email=None).email
# Check if the user exists and is active
user = User.get_user(email)
if user is None or not user.active:
raise http.Forbidden("Utilisateur inconnu")
# Checks if there is already an active password token matching this email
current_password_token = PasswordToken.get_password_token(email)
if current_password_token is not None:
formatted_creation_dt = formatting.format_date(
dates.change_timezone(current_password_token.creation_dt),
"%d/%m/%y %H:%M")
raise http.Forbidden(u"Demande similaire déjà effectuée le %s" %
formatted_creation_dt)
# Creates a new password token valid for 2 days
password_token = PasswordToken(
validity=2,
user=user,
token=PasswordToken.generate_random_token(16))
config.orm.add(password_token)
# Registers an email notification
http.register_hook(
lambda: notify_via_email(password_token, Events.NEW))
return u"Instructions en cours d'envoi à %s" % email
def test_recover_password(self):
try:
old_tokens = [password_token.token for password_token in PasswordToken.all()]
self.assertEqual(len(old_tokens), 2)
response = app.request("/recover/password", method="POST", data={"email" : UserData.franck_p.email}) #@UndefinedVariable
self.assertEqual(response.status, HTTP_OK)
self.assertIn(UserData.franck_p.email, response.data)
new_password_token = config.orm.query(PasswordToken).filter(~PasswordToken.token.in_(old_tokens)).one() #@UndefinedVariable
self.assertEquals(new_password_token.user, UserData.franck_p)
self.assertFalse(new_password_token.expired)
response = app.request("/recover/password", method="POST", data={"email" : UserData.franck_p.email}) #@UndefinedVariable
self.assertEqual(response.status, HTTP_FORBIDDEN)
self.assertIn("Demande similaire", response.data)
finally:
#TODO: should be done by the fixture
new_password_token = config.orm.query(PasswordToken).filter(~PasswordToken.token.in_(old_tokens)).one() #@UndefinedVariable
config.orm.delete(new_password_token)
config.orm.commit()
def test_all(self):
all_password_tokens = PasswordToken.all()
self.assertEqual(len(all_password_tokens), 2)
[
self.assertIsInstance(token, PasswordToken)
for token in all_password_tokens
]
def GET(self):
# Reads the token in the HTTP request parameters
token = web.input(token=None).token
# Checks if the token is valid
password_token = PasswordToken.get_token(token)
if password_token is None or password_token.expired:
raise http.Forbidden()
# The fieldset is bound to the user associated with the token
password_fieldset = user_forms.NewPasswordFieldSet().bind(password_token.user)
return config.views.layout(config.views.creation_form(password_fieldset))
def test_get_token(self):
# These tests work because a PasswordTokenData has a similar structure to a PasswordToken
# When Tournament.__eq__ is called, it compares the fields without caring of the parameters' actual types
self.assertIsNone(PasswordToken.get_token(None))
self.assertIsNone(PasswordToken.get_token(""))
self.assertIsNone(PasswordToken.get_token("invalid_token"))
self.assertIsNone(PasswordToken.get_token("znc9TNqpajeN2nEH"))
self.assertIsNone(PasswordToken.get_token("xjRp67wh3HdjEI6I"))
self.assertEquals(PasswordToken.get_token("goB9Z7fhsUrjXHDi"), PasswordTokenData.password_token_expired)
self.assertEquals(PasswordToken.get_token("xYCPayfPCPEPCPaL"), PasswordTokenData.password_token_active)
def GET(self):
# Reads the token in the HTTP request parameters
token = web.input(token=None).token
# Checks if the token is valid
password_token = PasswordToken.get_token(token)
if password_token is None or password_token.expired:
raise http.Forbidden()
# The fieldset is bound to the user associated with the token
password_fieldset = user_forms.NewPasswordFieldSet().bind(
password_token.user)
return config.views.layout(
config.views.creation_form(password_fieldset))
def test_get_token(self):
# These tests work because a PasswordTokenData has a similar structure to a PasswordToken
# When Tournament.__eq__ is called, it compares the fields without caring of the parameters' actual types
self.assertIsNone(PasswordToken.get_token(None))
self.assertIsNone(PasswordToken.get_token(""))
self.assertIsNone(PasswordToken.get_token("invalid_token"))
self.assertIsNone(PasswordToken.get_token("znc9TNqpajeN2nEH"))
self.assertIsNone(PasswordToken.get_token("xjRp67wh3HdjEI6I"))
self.assertEquals(PasswordToken.get_token("goB9Z7fhsUrjXHDi"),
PasswordTokenData.password_token_expired)
self.assertEquals(PasswordToken.get_token("xYCPayfPCPEPCPaL"),
PasswordTokenData.password_token_active)
def POST(self):
# Reads the token in the HTTP request parameters
token = web.input(token=None).token
# Checks if the token is valid
password_token = PasswordToken.get_token(token)
if password_token is None or password_token.expired:
raise http.Forbidden()
# The fieldset is bound to the form data & the user associated with the token : the token itself is passed because it should expire when successfully used
password_fieldset = user_forms.NewPasswordFieldSet(password_token).bind(password_token.user, data=web.input())
# Synchronizes the fieldset & registers a delayed login of the user (we could do it now but it's better to isolate the login process)
if password_fieldset.validate():
password_fieldset.sync()
http.register_hook(lambda: session.login_workflow(password_fieldset.model))
raise web.seeother("/")
else:
return config.views.layout(config.views.creation_form(password_fieldset))
def POST(self):
# Reads the token in the HTTP request parameters
token = web.input(token=None).token
# Checks if the token is valid
password_token = PasswordToken.get_token(token)
if password_token is None or password_token.expired:
raise http.Forbidden()
# The fieldset is bound to the form data & the user associated with the token : the token itself is passed because it should expire when successfully used
password_fieldset = user_forms.NewPasswordFieldSet(
password_token).bind(password_token.user, data=web.input())
# Synchronizes the fieldset & registers a delayed login of the user (we could do it now but it's better to isolate the login process)
if password_fieldset.validate():
password_fieldset.sync()
http.register_hook(
lambda: session.login_workflow(password_fieldset.model))
raise web.seeother("/")
else:
return config.views.layout(
config.views.creation_form(password_fieldset))
def test_all(self):
all_password_tokens = PasswordToken.all()
self.assertEqual(len(all_password_tokens), 2)
[self.assertIsInstance(token, PasswordToken) for token in all_password_tokens]
