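def test_reset_password_unitadmin(client):
    """A valid reset token for a unit admin rotates the password and the key material.

    Asserts that after a successful POST of the reset form:
      * every ``ProjectUserKeys`` row belonging to the user is gone,
      * the global ``ProjectUserKeys`` count drops by exactly that number
        (i.e. no other user's project keys were touched), and
      * both the password hash and the public key differ from before.
    """
    user = models.User.query.filter_by(username="******").first()

    # Baselines. The user must already hold at least one project key, otherwise
    # the "keys were removed" assertions below would pass vacuously.
    nr_proj_user_keys_total_before = models.ProjectUserKeys.query.count()
    assert nr_proj_user_keys_total_before > 0
    nr_proj_user_keys_before = len(user.project_user_keys)
    assert nr_proj_user_keys_before > 0
    user_pw_hash_before = user._password_hash
    user_public_key_before = user.public_key

    # Add new row to password reset (presumably required for the token to be
    # honoured by the endpoint -- see request_reset_password, which creates it)
    new_reset_row = models.PasswordReset(
        user=user, email=user.primary_email, issued=utils.timestamp()
    )
    db.session.add(new_reset_row)
    db.session.commit()

    # Need to use a valid token for the GET request to obtain the CSRF form token
    valid_reset_token = get_valid_reset_token("unitadmin")
    reset_url = tests.DDSEndpoint.RESET_PASSWORD + valid_reset_token
    response = client.get(reset_url, follow_redirects=True)
    assert response.status_code == http.HTTPStatus.OK
    assert flask.request.path == reset_url
    form_token = flask.g.csrf_token

    form_data = {
        "csrf_token": form_token,
        "password": "******",
        "confirm_password": "******",
        "submit": "Reset Password",
    }
    response = client.post(reset_url, json=form_data, follow_redirects=True)
    assert response.status_code == http.HTTPStatus.OK
    assert flask.request.path == tests.DDSEndpoint.PASSWORD_RESET_COMPLETED

    # Re-query so we look at the persisted state rather than the pre-reset instance
    user = models.User.query.filter_by(username="******").first()

    # All of the user's project keys should have been removed ...
    nr_proj_user_keys_after = len(user.project_user_keys)
    assert nr_proj_user_keys_after == 0

    # ... and only theirs: the total must drop by exactly the user's own count.
    # A mere "<" would not catch a reset that also wipes other users' keys.
    nr_proj_user_keys_total_after = models.ProjectUserKeys.query.count()
    assert nr_proj_user_keys_total_after < nr_proj_user_keys_total_before
    assert (
        nr_proj_user_keys_total_after
        == nr_proj_user_keys_total_before - nr_proj_user_keys_before
    )

    # Password hash must have changed
    assert user._password_hash != user_pw_hash_before

    # Public key must have been rotated as well (old keys are useless after reset)
    assert user.public_key != user_public_key_before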
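def test_reset_password_invalid_token_post(client):
    """Posting the reset form with a non-reset token must leave the account untouched.

    The "invalid" token is not garbage: it is a login token for a *different*
    user obtained through ``tests.UserAuth(...).token(client)``. This therefore
    also covers token-purpose confusion -- a token that is valid for
    authentication must not be accepted as a password-reset token. On rejection
    the client ends up on the index page and the target user's password hash,
    public key and project keys are unchanged; the global ProjectUserKeys
    count is unchanged too.
    """
    nr_proj_user_keys_before = models.ProjectUserKeys.query.count()
    user = models.User.query.filter_by(username="******").first()
    researchuser_pw_hash_before = user._password_hash
    researchuser_public_key_before = user.public_key
    researchuser_nr_keys_before = len(user.project_user_keys)

    # Add new row to password reset so that a *genuine* reset is pending for
    # this user -- the test must show that the wrong token still cannot use it
    new_reset_row = models.PasswordReset(
        user=user, email=user.primary_email, issued=utils.timestamp()
    )
    db.session.add(new_reset_row)
    db.session.commit()

    # Need to use a valid token for the GET request to obtain the CSRF form token
    valid_reset_token = get_valid_reset_token("researchuser")
    response = client.get(
        tests.DDSEndpoint.RESET_PASSWORD + valid_reset_token, follow_redirects=True
    )
    assert response.status_code == http.HTTPStatus.OK
    assert flask.request.path == tests.DDSEndpoint.RESET_PASSWORD + valid_reset_token
    form_token = flask.g.csrf_token

    form_data = {
        "csrf_token": form_token,
        "password": "******",
        "confirm_password": "******",
        "submit": "Reset Password",
    }

    # Use another user's authentication token in place of the reset token
    auth_token_header = tests.UserAuth(tests.USER_CREDENTIALS["unituser"]).token(client)
    invalid_token = auth_token_header["Authorization"].split(" ")[1]
    response = client.post(
        tests.DDSEndpoint.RESET_PASSWORD + invalid_token,
        json=form_data,
        follow_redirects=True,
    )
    assert response.status_code == http.HTTPStatus.OK
    assert flask.request.path == tests.DDSEndpoint.INDEX

    # Just make sure no project user keys have been removed, globally ...
    nr_proj_user_keys_after = models.ProjectUserKeys.query.count()
    assert nr_proj_user_keys_before == nr_proj_user_keys_after

    # ... nor for the targeted user, and neither password hash nor public key moved
    user = models.User.query.filter_by(username="******").first()
    assert len(user.project_user_keys) == researchuser_nr_keys_before
    assert user._password_hash == researchuser_pw_hash_before
    assert user.public_key == researchuser_public_key_before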
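def request_reset_password():
    """Request to reset password when password is lost.

    GET renders the request form. On a valid POST the submitted address is
    looked up; for an active user an encrypted JWT valid for one hour and
    carrying the ``{"rst": "pwd"}`` claim is issued, the ``PasswordReset`` row
    for that email is created (or its ``issued`` timestamp refreshed and
    ``valid`` set back to True), the token is emailed and the client is
    redirected to the login page. Authenticated users are redirected home
    instead; a password reset is only meaningful while logged out.

    Returns:
        A redirect response after a handled POST, otherwise the rendered form.
    """
    # Reset forgotten password only allowed if logged out
    if flask_login.current_user.is_authenticated:
        return flask.redirect(flask.url_for("pages.home"))

    # Validate form
    form = forms.RequestResetForm()
    if form.validate_on_submit():
        email = models.Email.query.filter_by(email=form.email.data).first()

        if email is None:
            # Unknown address. The form's validators may already reject this
            # (not visible here), but guard anyway: without it ``email.user``
            # below raises. Respond exactly as for a known address so the
            # endpoint cannot be used to enumerate registered emails; nothing
            # is actually sent.
            flask.flash("An email has been sent with instructions to reset your password.")
            return flask.redirect(flask.url_for("auth_blueprint.login"))

        if email.user.is_active:
            # Purpose-bound token: the "rst" claim is what distinguishes it
            # from an ordinary authentication JWT for the same user.
            token = dds_web.security.tokens.encrypted_jwt_token(
                username=email.user.username,
                sensitive_content=None,
                expires_in=datetime.timedelta(seconds=3600),
                additional_claims={"rst": "pwd"},
            )

            # Create row in password reset table, or re-arm the existing one
            ongoing_password_reset = models.PasswordReset.query.filter_by(
                email=email.email
            ).one_or_none()
            if ongoing_password_reset:
                ongoing_password_reset.issued = dds_web.utils.current_time()
                ongoing_password_reset.valid = True
            else:
                new_password_reset = models.PasswordReset(
                    user=email.user, email=email.email, issued=dds_web.utils.current_time()
                )
                db.session.add(new_password_reset)
            db.session.commit()

            # NOTE(review): no throttling is visible in this function; if the
            # route is not rate-limited elsewhere, this can be abused to spam
            # reset mails to a known address.
            dds_web.utils.send_reset_email(email_row=email, token=token)
            flask.flash("An email has been sent with instructions to reset your password.")
            return flask.redirect(flask.url_for("auth_blueprint.login"))

        # NOTE(review): this message discloses that the address belongs to a
        # (deactivated) account, which the unknown-address branch above
        # deliberately avoids; consider the generic message here as well.
        flask.flash("Your account is deactivated. You cannot reset your password.", "warning")

    # Show form
    return flask.render_template("user/request_reset_password.html", form=form)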