def setUpToken(self, email):
"""Test e-mail token."""
userDb = self.userDb
self.registerToken = sesEmail.createToken(email, userDb,
"validate_email")
postJson = {"token": self.registerToken}
return self.app.post_json("/v1/confirm_email_token/", postJson)
def sendResetPasswordEmail(self,
user,
system_email,
email=None,
unlock_user=False):
if email is None:
email = user.email
# User must be approved and active to reset password
if user.user_status_id != self.interfaces.userDb.getUserStatusId(
"approved"):
raise ResponseException(
"User must be approved before resetting password",
StatusCode.CLIENT_ERROR)
elif not unlock_user and not user.is_active:
raise ResponseException("User is locked, cannot reset password",
StatusCode.CLIENT_ERROR)
# If unlocking a user, wipe out current password
if unlock_user:
UserHandler().clearPassword(user)
self.interfaces.userDb.session.commit()
# Send email with token
emailToken = sesEmail.createToken(email, "password_reset")
link = "".join(
[AccountHandler.FRONT_END, '#/forgotpassword/', emailToken])
emailTemplate = {'[URL]': link}
templateType = "unlock_account" if unlock_user else "reset_password"
newEmail = sesEmail(user.email,
system_email,
templateType=templateType,
parameters=emailTemplate,
database=self.interfaces.userDb)
newEmail.send()
def createEmailConfirmation(self,system_email,session):
"""
Creates user record and email
arguments:
system_email -- (string) email used to send messages
session -- (Session) object from flask
"""
requestFields = RequestDictionary(self.request)
if(not requestFields.exists("email")):
exc = ResponseException("Request body must include email", StatusCode.CLIENT_ERROR)
return JsonResponse.error(exc,exc.status)
email = requestFields.getValue("email")
if( not re.match("[^@]+@[^@]+\.[^@]+",email)) :
return JsonResponse.error(ValueError("Invalid Email Format"),StatusCode.CLIENT_ERROR)
try :
user = self.interfaces.userDb.getUserByEmail(requestFields.getValue("email"))
except ResponseException as e:
self.interfaces.userDb.addUnconfirmedEmail(email)
else:
if(not (user.user_status_id == self.interfaces.userDb.getUserStatusId("awaiting_confirmation") or user.user_status_id == self.interfaces.userDb.getUserStatusId("email_confirmed"))):
exc = ResponseException("User already registered", StatusCode.CLIENT_ERROR)
return JsonResponse.error(exc,exc.status)
emailToken = sesEmail.createToken(email,self.interfaces.userDb,"validate_email")
link= "".join([AccountHandler.FRONT_END,'#/registration/',emailToken])
emailTemplate = {'[USER]': email, '[URL]':link}
newEmail = sesEmail(email, system_email,templateType="validate_email",parameters=emailTemplate,database=self.interfaces.userDb)
newEmail.send()
return JsonResponse.create(StatusCode.OK,{"message":"Email Sent"})
def setUpToken(self, email):
"""Test e-mail token."""
self.registerToken = sesEmail.createToken(email, "validate_email")
postJson = {"token": self.registerToken}
return self.app.post_json("/v1/confirm_email_token/",
postJson,
headers={"x-session-id": self.session_id})
def resetPassword(self,system_email,session):
"""
Remove old password and email user a token to set a new password. Request should have key "email"
arguments:
system_email -- (string) email used to send messages
session -- (Session) object from flask
"""
requestDict = RequestDictionary(self.request)
if(not (requestDict.exists("email"))):
# Don't have the keys we need in request
exc = ResponseException("Reset password route requires key 'email'",StatusCode.CLIENT_ERROR)
return JsonResponse.error(exc,exc.status)
# Get user object
try:
user = self.interfaces.userDb.getUserByEmail(requestDict.getValue("email"))
except Exception as e:
exc = ResponseException("Unknown Error",StatusCode.CLIENT_ERROR,ValueError)
return JsonResponse.error(exc,exc.status)
LoginSession.logout(session)
self.interfaces.userDb.session.commit()
email = requestDict.getValue("email")
# Send email with token
emailToken = sesEmail.createToken(email,self.interfaces.userDb,"password_reset")
link= "".join([ AccountHandler.FRONT_END,'#/forgotpassword/',emailToken])
emailTemplate = { '[URL]':link}
newEmail = sesEmail(user.email, system_email,templateType="reset_password",parameters=emailTemplate,database=self.interfaces.userDb)
newEmail.send()
# Return success message
return JsonResponse.create(StatusCode.OK,{"message":"Password reset"})
def test_check_email_token(self):
"""Test valid e-mail token."""
userDb = self.userDb
#make a token based on a user
token = sesEmail.createToken(self.test_users["password_reset_email"], userDb, "validate_email")
postJson = {"token": token}
response = self.app.post_json("/v1/confirm_email_token/", postJson)
self.check_response(response, StatusCode.OK, "success")
self.assertEqual(response.json["errorCode"], sesEmail.LINK_VALID)
def test_check_password_token(self):
"""Test password reset with valid token."""
userDb = self.userDb
#make a token based on a user
token = sesEmail.createToken(self.test_users["admin_email"], userDb,
"password_reset")
postJson = {"token": token}
response = self.app.post_json("/v1/confirm_password_token/", postJson)
self.check_response(response, StatusCode.OK, "success")
self.assertEqual(response.json["errorCode"], sesEmail.LINK_VALID)
def test_check_password_token(self):
"""Test password reset with valid token."""
userDb = self.userDb
#make a token based on a user
token = sesEmail.createToken(
self.test_users["admin_email"], userDb, "password_reset")
postJson = {"token": token}
response = self.app.post_json("/v1/confirm_password_token/", postJson, headers={"x-session-id":self.session_id})
self.check_response(response, StatusCode.OK, "success")
self.assertEqual(response.json["errorCode"], sesEmail.LINK_VALID)
def test_check_email_token(self):
"""Test valid e-mail token."""
#make a token based on a user
token = sesEmail.createToken(self.test_users["password_reset_email"],
"validate_email")
postJson = {"token": token}
response = self.app.post_json(
"/v1/confirm_email_token/",
postJson,
headers={"x-session-id": self.session_id})
self.check_response(response, StatusCode.OK, "success")
self.assertEqual(response.json["errorCode"], sesEmail.LINK_VALID)
def create_email_confirmation(self,system_email):
"""
Creates user record and email
arguments:
system_email -- (string) email used to send messages
"""
sess = GlobalDB.db().session
request_fields = RequestDictionary.derive(self.request)
try:
if 'email' not in request_fields:
raise ResponseException(
"Request body must include email", StatusCode.CLIENT_ERROR)
email = request_fields['email']
if not re.match("[^@]+@[^@]+\.[^@]+",email):
raise ValueError("Invalid Email Format")
except (ResponseException, ValueError) as exc:
return JsonResponse.error(exc, StatusCode.CLIENT_ERROR)
try :
user = sess.query(User).filter(
func.lower(User.email) == func.lower(request_fields['email'])
).one()
except NoResultFound:
# Create user with specified email if none is found
user = User(email=email)
user.user_status_id = USER_STATUS_DICT["awaiting_confirmation"]
user.permissions = 0
sess.add(user)
sess.commit()
else:
try:
good_statuses = (USER_STATUS_DICT["awaiting_confirmation"],
USER_STATUS_DICT["email_confirmed"])
if user.user_status_id not in good_statuses:
raise ResponseException(
"User already registered", StatusCode.CLIENT_ERROR)
except ResponseException as exc:
return JsonResponse.error(exc, exc.status)
email_token = sesEmail.createToken(email, "validate_email")
link= "".join([AccountHandler.FRONT_END,'#/registration/',email_token])
email_template = {'[USER]': email, '[URL]':link}
new_email = sesEmail(email, system_email,templateType="validate_email",parameters=email_template)
new_email.send()
return JsonResponse.create(StatusCode.OK,{"message":"Email Sent"})
def createEmailConfirmation(self, system_email, session):
"""
Creates user record and email
arguments:
system_email -- (string) email used to send messages
session -- (Session) object from flask
"""
requestFields = RequestDictionary(self.request)
if (not requestFields.exists("email")):
exc = ResponseException("Request body must include email",
StatusCode.CLIENT_ERROR)
return JsonResponse.error(exc, exc.status)
email = requestFields.getValue("email")
if (not re.match("[^@]+@[^@]+\.[^@]+", email)):
return JsonResponse.error(ValueError("Invalid Email Format"),
StatusCode.CLIENT_ERROR)
try:
user = self.interfaces.userDb.getUserByEmail(
requestFields.getValue("email"))
except ResponseException as e:
self.interfaces.userDb.addUnconfirmedEmail(email)
else:
if (not (user.user_status_id == self.interfaces.userDb.
getUserStatusId("awaiting_confirmation")
or user.user_status_id == self.interfaces.userDb.
getUserStatusId("email_confirmed"))):
exc = ResponseException("User already registered",
StatusCode.CLIENT_ERROR)
return JsonResponse.error(exc, exc.status)
emailToken = sesEmail.createToken(email, self.interfaces.userDb,
"validate_email")
link = "".join(
[AccountHandler.FRONT_END, '#/registration/', emailToken])
emailTemplate = {'[USER]': email, '[URL]': link}
newEmail = sesEmail(email,
system_email,
templateType="validate_email",
parameters=emailTemplate,
database=self.interfaces.userDb)
newEmail.send()
return JsonResponse.create(StatusCode.OK, {"message": "Email Sent"})
def resetPassword(self, system_email, session):
"""
Remove old password and email user a token to set a new password. Request should have key "email"
arguments:
system_email -- (string) email used to send messages
session -- (Session) object from flask
"""
requestDict = RequestDictionary(self.request)
if (not (requestDict.exists("email"))):
# Don't have the keys we need in request
exc = ResponseException(
"Reset password route requires key 'email'",
StatusCode.CLIENT_ERROR)
return JsonResponse.error(exc, exc.status)
# Get user object
try:
user = self.interfaces.userDb.getUserByEmail(
requestDict.getValue("email"))
except Exception as e:
exc = ResponseException("Unknown Error", StatusCode.CLIENT_ERROR,
ValueError)
return JsonResponse.error(exc, exc.status)
LoginSession.logout(session)
self.interfaces.userDb.session.commit()
email = requestDict.getValue("email")
# Send email with token
emailToken = sesEmail.createToken(email, self.interfaces.userDb,
"password_reset")
link = "".join(
[AccountHandler.FRONT_END, '#/forgotpassword/', emailToken])
emailTemplate = {'[URL]': link}
newEmail = sesEmail(user.email,
system_email,
templateType="reset_password",
parameters=emailTemplate,
database=self.interfaces.userDb)
newEmail.send()
# Return success message
return JsonResponse.create(StatusCode.OK,
{"message": "Password reset"})
def test_password_reset_email(self):
"""Test password reset email."""
self.logout()
email = self.test_users["password_reset_email"]
postJson = {"email": email}
response = self.app.post_json("/v1/reset_password/", postJson)
self.check_response(response, StatusCode.OK)
userDb = self.userDb
token = sesEmail.createToken(
self.test_users["password_reset_email"], userDb, "password_reset")
postJson = {"token": token}
response = self.app.post_json("/v1/confirm_password_token/", postJson)
self.check_response(response, StatusCode.OK, "success")
self.assertEqual(response.json["errorCode"], sesEmail.LINK_VALID)
postJson = {"user_email": email, "password": self.user_password}
response = self.app.post_json("/v1/set_password/", postJson)
self.check_response(response, StatusCode.OK, "Password successfully changed")
user = userDb.getUserByEmail(email)
self.assertTrue(user.password_hash)
def test_password_reset_email(self):
"""Test password reset email."""
self.logout()
email = self.test_users["password_reset_email"]
postJson = {"email": email}
response = self.app.post_json("/v1/reset_password/", postJson, headers={"x-session-id":self.session_id})
self.check_response(response, StatusCode.OK)
# Test password reset for unapproved user and locked user
userDb = self.userDb
user = userDb.getUserByEmail(email)
user.user_status_id = userDb.getUserStatusId("awaiting_approval")
userDb.session.commit()
response = self.app.post_json("/v1/reset_password/", postJson, headers={"x-session-id":self.session_id}, expect_errors = True)
self.check_response(response, StatusCode.CLIENT_ERROR)
user.user_status_id = userDb.getUserStatusId("approved")
user.is_active = False
userDb.session.commit()
response = self.app.post_json("/v1/reset_password/", postJson, headers={"x-session-id":self.session_id}, expect_errors = True)
self.check_response(response, StatusCode.CLIENT_ERROR)
# Test route to confirm tokens
token = sesEmail.createToken(
self.test_users["password_reset_email"], userDb, "password_reset")
postJson = {"token": token}
response = self.app.post_json("/v1/confirm_password_token/", postJson, headers={"x-session-id":self.session_id})
self.check_response(response, StatusCode.OK, "success")
self.assertEqual(response.json["errorCode"], sesEmail.LINK_VALID)
postJson = {"user_email": email, "password": self.user_password}
response = self.app.post_json("/v1/set_password/", postJson, headers={"x-session-id":self.session_id})
self.check_response(response, StatusCode.OK, "Password successfully changed")
user = userDb.getUserByEmail(email)
self.assertTrue(user.password_hash)
# Call again, should error
postJson = {"user_email": email, "password": self.user_password}
response = self.app.post_json("/v1/set_password/", postJson, headers={"x-session-id":self.session_id}, expect_errors = True)
self.check_response(response, StatusCode.LOGIN_REQUIRED)
def test_password_reset_email(self):
"""Test password reset email."""
self.logout()
email = self.test_users["password_reset_email"]
postJson = {"email": email}
response = self.app.post_json("/v1/reset_password/", postJson)
self.check_response(response, StatusCode.OK)
userDb = self.userDb
token = sesEmail.createToken(self.test_users["password_reset_email"],
userDb, "password_reset")
postJson = {"token": token}
response = self.app.post_json("/v1/confirm_password_token/", postJson)
self.check_response(response, StatusCode.OK, "success")
self.assertEqual(response.json["errorCode"], sesEmail.LINK_VALID)
postJson = {"user_email": email, "password": self.user_password}
response = self.app.post_json("/v1/set_password/", postJson)
self.check_response(response, StatusCode.OK,
"Password successfully changed")
user = userDb.getUserByEmail(email)
self.assertTrue(user.password_hash)
def sendResetPasswordEmail(self, user, system_email, email=None, unlock_user=False):
if email is None:
email = user.email
# User must be approved and active to reset password
if user.user_status_id != self.interfaces.userDb.getUserStatusId("approved"):
raise ResponseException("User must be approved before resetting password", StatusCode.CLIENT_ERROR)
elif not unlock_user and not user.is_active:
raise ResponseException("User is locked, cannot reset password", StatusCode.CLIENT_ERROR)
# If unlocking a user, wipe out current password
if unlock_user:
UserHandler().clearPassword(user)
self.interfaces.userDb.session.commit()
# Send email with token
emailToken = sesEmail.createToken(email, self.interfaces.userDb, "password_reset")
link = "".join([AccountHandler.FRONT_END, '#/forgotpassword/', emailToken])
emailTemplate = {'[URL]': link}
templateType = "unlock_account" if unlock_user else "reset_password"
newEmail = sesEmail(user.email, system_email, templateType=templateType,
parameters=emailTemplate, database=self.interfaces.userDb)
newEmail.send()
def send_reset_password_email(self, user, system_email, email=None, unlock_user=False):
sess = GlobalDB.db().session
if email is None:
email = user.email
# User must be approved and active to reset password
if user.user_status_id != USER_STATUS_DICT["approved"]:
raise ResponseException("User must be approved before resetting password", StatusCode.CLIENT_ERROR)
elif not unlock_user and not user.is_active:
raise ResponseException("User is locked, cannot reset password", StatusCode.CLIENT_ERROR)
# If unlocking a user, wipe out current password
if unlock_user:
user.salt = None
user.password_hash = None
sess.commit()
# Send email with token
email_token = sesEmail.createToken(email, "password_reset")
link = "".join([AccountHandler.FRONT_END, '#/forgotpassword/', email_token])
email_template = {'[URL]': link}
template_type = "unlock_account" if unlock_user else "reset_password"
new_email = sesEmail(user.email, system_email, templateType=template_type, parameters=email_template)
new_email.send()
def test_password_reset_email(self):
"""Test password reset email."""
self.logout()
email = self.test_users["password_reset_email"]
postJson = {"email": email}
response = self.app.post_json(
"/v1/reset_password/",
postJson,
headers={"x-session-id": self.session_id})
self.check_response(response, StatusCode.OK)
# Test password reset for unapproved user and locked user
userDb = self.userDb
user = userDb.getUserByEmail(email)
user.user_status_id = userDb.getUserStatusId("awaiting_approval")
userDb.session.commit()
response = self.app.post_json(
"/v1/reset_password/",
postJson,
headers={"x-session-id": self.session_id},
expect_errors=True)
self.check_response(response, StatusCode.CLIENT_ERROR)
user.user_status_id = userDb.getUserStatusId("approved")
user.is_active = False
userDb.session.commit()
response = self.app.post_json(
"/v1/reset_password/",
postJson,
headers={"x-session-id": self.session_id},
expect_errors=True)
self.check_response(response, StatusCode.CLIENT_ERROR)
# Test route to confirm tokens
token = sesEmail.createToken(self.test_users["password_reset_email"],
userDb, "password_reset")
postJson = {"token": token}
response = self.app.post_json(
"/v1/confirm_password_token/",
postJson,
headers={"x-session-id": self.session_id})
self.check_response(response, StatusCode.OK, "success")
self.assertEqual(response.json["errorCode"], sesEmail.LINK_VALID)
postJson = {"user_email": email, "password": self.user_password}
response = self.app.post_json(
"/v1/set_password/",
postJson,
headers={"x-session-id": self.session_id})
self.check_response(response, StatusCode.OK,
"Password successfully changed")
user = userDb.getUserByEmail(email)
self.assertTrue(user.password_hash)
# Call again, should error
postJson = {"user_email": email, "password": self.user_password}
response = self.app.post_json(
"/v1/set_password/",
postJson,
headers={"x-session-id": self.session_id},
expect_errors=True)
self.check_response(response, StatusCode.LOGIN_REQUIRED)
def setUpToken(self,email):
"""Test e-mail token."""
userDb = self.userDb
self.registerToken = sesEmail.createToken(email, userDb, "validate_email")
postJson = {"token": self.registerToken}
return self.app.post_json("/v1/confirm_email_token/", postJson)
def test_password_reset_email(self):
"""Test password reset email."""
self.logout()
email = self.test_users["password_reset_email"]
postJson = {"email": email}
response = self.app.post_json(
"/v1/reset_password/",
postJson,
headers={"x-session-id": self.session_id})
self.check_response(response, StatusCode.OK)
# Test password reset for unapproved user and locked user
with createApp().app_context():
sess = GlobalDB.db().session
user = sess.query(User).filter(User.email == email).one()
user.user_status_id = self.userStatusDict['awaiting_approval']
sess.commit()
response = self.app.post_json(
"/v1/reset_password/",
postJson,
headers={"x-session-id": self.session_id},
expect_errors=True)
self.check_response(response, StatusCode.CLIENT_ERROR)
user.user_status_id = self.userStatusDict['approved']
user.is_active = False
sess.commit()
response = self.app.post_json(
"/v1/reset_password/",
postJson,
headers={"x-session-id": self.session_id},
expect_errors=True)
self.check_response(response, StatusCode.CLIENT_ERROR)
# Test route to confirm tokens
token = sesEmail.createToken(
self.test_users["password_reset_email"], "password_reset")
postJson = {"token": token}
response = self.app.post_json(
"/v1/confirm_password_token/",
postJson,
headers={"x-session-id": self.session_id})
self.check_response(response, StatusCode.OK, "success")
self.assertEqual(response.json["errorCode"], sesEmail.LINK_VALID)
postJson = {"user_email": email, "password": self.user_password}
response = self.app.post_json(
"/v1/set_password/",
postJson,
headers={"x-session-id": self.session_id})
self.check_response(response, StatusCode.OK,
"Password successfully changed")
user = sess.query(User).filter(User.email == email).one()
self.assertTrue(user.password_hash)
# Call again, should error
postJson = {"user_email": email, "password": self.user_password}
response = self.app.post_json(
"/v1/set_password/",
postJson,
headers={"x-session-id": self.session_id},
expect_errors=True)
self.check_response(response, StatusCode.LOGIN_REQUIRED)
