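def test_reset_password_unitadmin(client):
    """Complete a password reset for the unit-admin user and check its side effects.

    Flow under test: a ``PasswordReset`` row is created for the user, the reset
    page is fetched with a valid reset token (after which the CSRF token is read
    from ``flask.g``), and the new password is posted to the same URL.  Afterwards
    the user's password hash and public key must differ from before, and every
    ``ProjectUserKeys`` row belonging to the user must be gone (presumably because
    the per-project key material was protected by the old password and cannot be
    carried over by a reset — confirm against the endpoint implementation).

    Args:
        client: Flask test client fixture.
    """
    # NOTE(review): the username literal is shown redacted ("******") here; it
    # is presumably the unit admin that get_valid_reset_token("unitadmin") names.
    user = models.User.query.filter_by(username="******").first()
    total_keys_before = models.ProjectUserKeys.query.count()
    assert total_keys_before > 0

    user_keys_before = len(user.project_user_keys)
    assert user_keys_before > 0

    pw_hash_before = user._password_hash
    public_key_before = user.public_key

    # Register an ongoing reset so the endpoint accepts the token.
    db.session.add(
        models.PasswordReset(user=user, email=user.primary_email, issued=utils.timestamp())
    )
    db.session.commit()

    # The GET with a valid token renders the form; the CSRF token is taken from flask.g.
    reset_token = get_valid_reset_token("unitadmin")
    reset_url = tests.DDSEndpoint.RESET_PASSWORD + reset_token
    response = client.get(reset_url, follow_redirects=True)
    assert response.status_code == http.HTTPStatus.OK
    assert flask.request.path == reset_url

    form_data = {
        "csrf_token": flask.g.csrf_token,
        "password": "******",
        "confirm_password": "******",
        "submit": "Reset Password",
    }
    response = client.post(reset_url, json=form_data, follow_redirects=True)
    assert response.status_code == http.HTTPStatus.OK
    assert flask.request.path == tests.DDSEndpoint.PASSWORD_RESET_COMPLETED

    # Re-query the user; the instance loaded before the request may be stale.
    user = models.User.query.filter_by(username="******").first()

    # All of this user's project keys must be removed, and the global count must
    # have dropped (the former separate "!=" assertion was implied by "<").
    assert len(user.project_user_keys) == 0
    assert models.ProjectUserKeys.query.count() < total_keys_before

    # Both the password hash and the public key must have been replaced.
    assert user._password_hash != pw_hash_before
    assert user.public_key != public_key_before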
def test_reset_password_invalid_token_post(client):
    """A login token of another user, posted as reset token, must change nothing.

    The form is obtained legitimately (GET with a valid reset token for the
    research user), but the POST goes to the reset URL built from an ordinary
    ``Authorization`` bearer token of the unit user.  The request must end on
    the index page, the research user's password hash must be unchanged and no
    ``ProjectUserKeys`` rows may have been removed.

    Args:
        client: Flask test client fixture.
    """
    total_keys_before = models.ProjectUserKeys.query.count()
    # NOTE(review): the username literal is shown redacted ("******") here.
    user = models.User.query.filter_by(username="******").first()
    pw_hash_before = user._password_hash

    # Register an ongoing reset so a valid token is accepted for the GET below.
    db.session.add(
        models.PasswordReset(user=user, email=user.primary_email, issued=utils.timestamp())
    )
    db.session.commit()

    reset_token = get_valid_reset_token("researchuser")
    reset_url = tests.DDSEndpoint.RESET_PASSWORD + reset_token
    response = client.get(reset_url, follow_redirects=True)
    assert response.status_code == http.HTTPStatus.OK
    assert flask.request.path == reset_url

    # The bearer part of another user's login token stands in for the reset token.
    bearer = tests.UserAuth(tests.USER_CREDENTIALS["unituser"]).token(client)["Authorization"]
    wrong_token = bearer.split(" ")[1]

    form_data = {
        "csrf_token": flask.g.csrf_token,
        "password": "******",
        "confirm_password": "******",
        "submit": "Reset Password",
    }
    response = client.post(
        tests.DDSEndpoint.RESET_PASSWORD + wrong_token, json=form_data, follow_redirects=True
    )
    assert response.status_code == http.HTTPStatus.OK
    assert flask.request.path == tests.DDSEndpoint.INDEX

    # Nothing may have been touched: same key count, same password hash.
    assert models.ProjectUserKeys.query.count() == total_keys_before
    pw_hash_after = models.User.query.filter_by(username="******").first()._password_hash
    assert pw_hash_after == pw_hash_before
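def request_reset_password():
    """Request to reset password when password is lost.

    GET renders the request form.  A valid POST looks up the submitted e-mail
    address; for an active account it records (or refreshes) a ``PasswordReset``
    row, sends a reset e-mail carrying an encrypted JWT that expires after one
    hour and redirects to the login page.  A deactivated account gets a warning
    flash and the form again.

    Returns:
        A redirect response (already logged in, or the request was accepted),
        otherwise the rendered ``user/request_reset_password.html`` template.
    """
    # Reset forgotten password only allowed if logged out
    if flask_login.current_user.is_authenticated:
        return flask.redirect(flask.url_for("pages.home"))

    # Validate form
    form = forms.RequestResetForm()
    if form.validate_on_submit():
        email = models.Email.query.filter_by(email=form.email.data).first()
        if email is None:
            # Unknown address: previously this dereferenced ``None.user`` and
            # answered with a server error.  Re-render the form instead.
            # NOTE(review): the two flash messages below differ for active and
            # deactivated accounts, so the response reveals account state for a
            # given address; a single generic message would avoid that.  The
            # user-facing wording is left unchanged here.
            return flask.render_template("user/request_reset_password.html", form=form)

        if email.user.is_active:
            # The {"rst": "pwd"} claim distinguishes this token from ordinary
            # login tokens (presumably checked by the reset endpoint — confirm).
            token = dds_web.security.tokens.encrypted_jwt_token(
                username=email.user.username,
                sensitive_content=None,
                expires_in=datetime.timedelta(seconds=3600),
                additional_claims={"rst": "pwd"},
            )

            _record_password_reset(email)

            dds_web.utils.send_reset_email(email_row=email, token=token)
            flask.flash("An email has been sent with instructions to reset your password.")
            return flask.redirect(flask.url_for("auth_blueprint.login"))

        flask.flash("Your account is deactivated. You cannot reset your password.", "warning")

    # Show form
    return flask.render_template("user/request_reset_password.html", form=form)


def _record_password_reset(email):
    """Create or refresh the ``PasswordReset`` row for ``email`` and commit.

    An existing row for the address is re-issued (``issued`` updated and
    ``valid`` set back to True) instead of inserting a duplicate row.

    Args:
        email: ``models.Email`` row of the requesting user.
    """
    ongoing = models.PasswordReset.query.filter_by(email=email.email).one_or_none()
    if ongoing:
        ongoing.issued = dds_web.utils.current_time()
        ongoing.valid = True
    else:
        db.session.add(
            models.PasswordReset(
                user=email.user, email=email.email, issued=dds_web.utils.current_time()
            )
        )
    db.session.commit()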