def test_get_token_again(self):
self.mock_cursor.fetchone.return_value = "etaoinshrdlu", datetime.datetime.now(
) - datetime.timedelta(seconds=10)
token = users.get_token(self.mock_session, "*****@*****.**")
self.mock_session.execute.assert_called_once_with(
ANY, {'email': "*****@*****.**"})
self.assertEquals("etaoinshrdlu", token)
def _recover_password(self, address):
"""Email a recovery token for the user."""
_log.info("Recover password for %s", address)
if not _email_throttler.is_allowed():
_log.warn("Throttling to avoid being blacklisted")
raise HTTPErrorEx(
httplib.SERVICE_UNAVAILABLE,
"Request throttled",
headers={"Retry-After",
str(_email_throttler.interval_sec)})
db_sess = self.db_session()
try:
token = users.get_token(db_sess, address)
except ValueError:
# To avoid revealing who subscribes to our service to
# third parties, this must behave identically to the case
# where the email is recognised.
db_sess.rollback()
_log.info("Silently ignoring unrecognised email")
else:
db_sess.commit()
user = users.get_details(db_sess, address)
urlbase = self.request.protocol + "://" + self.request.host + \
settings.EMAIL_RECOVERY_PATH
mail.send_recovery_message(urlbase, user["email"],
user["full_name"], token)
self.send_success(httplib.OK)
def test_get_token_expired(self, get_random_bytes):
self.mock_cursor.fetchone.return_value = "etaoinshrdlu", datetime.datetime.now() - datetime.timedelta(days=2)
get_random_bytes.return_value = "\x01\x02\x41\x85\x01\x02\x41\x85\x01\x02\x41\x85\x01\x02\x41\x85"
token = users.get_token(self.mock_session, "*****@*****.**")
self.mock_session.execute.assert_has_calls([call(ANY, {'email': "*****@*****.**"}),
call(ANY, {'email': "*****@*****.**",
'token': ANY,
'created' : ANY})])
get_random_bytes.assert_called_once_with(16)
self.assertEquals("AQJBhQECQYUBAkGFAQJBhQ==", token)
def test_get_token_first(self, get_random_bytes):
self.mock_cursor.fetchone.return_value = None, None
get_random_bytes.return_value = "\x01\x02\x41\x85\x01\x02\x41\x85\x01\x02\x41\x85\x01\x02\x41\x85"
token = users.get_token(self.mock_session, "*****@*****.**")
self.mock_session.execute.assert_has_calls([call(ANY, {'email': "*****@*****.**"}),
call(ANY, {'email': "*****@*****.**",
'token': ANY,
'created' : ANY})])
get_random_bytes.assert_called_once_with(16)
self.assertEquals("AQJBhQECQYUBAkGFAQJBhQ==", token)
def test_get_token_first(self, get_random_bytes):
self.mock_cursor.fetchone.return_value = None, None
get_random_bytes.return_value = "\x01\x02\x41\x85\x01\x02\x41\x85\x01\x02\x41\x85\x01\x02\x41\x85"
token = users.get_token(self.mock_session, "*****@*****.**")
self.mock_session.execute.assert_has_calls([
call(ANY, {'email': "*****@*****.**"}),
call(ANY, {
'email': "*****@*****.**",
'token': ANY,
'created': ANY
})
])
get_random_bytes.assert_called_once_with(16)
self.assertEquals("AQJBhQECQYUBAkGFAQJBhQ==", token)
def test_get_token_expired(self, get_random_bytes):
self.mock_cursor.fetchone.return_value = "etaoinshrdlu", datetime.datetime.now(
) - datetime.timedelta(days=2)
get_random_bytes.return_value = "\x01\x02\x41\x85\x01\x02\x41\x85\x01\x02\x41\x85\x01\x02\x41\x85"
token = users.get_token(self.mock_session, "*****@*****.**")
self.mock_session.execute.assert_has_calls([
call(ANY, {'email': "*****@*****.**"}),
call(ANY, {
'email': "*****@*****.**",
'token': ANY,
'created': ANY
})
])
get_random_bytes.assert_called_once_with(16)
self.assertEquals("AQJBhQECQYUBAkGFAQJBhQ==", token)
def _recover_password(self, address):
"""Email a recovery token for the user."""
_log.info("Recover password for %s", address)
if not _email_throttler.is_allowed():
_log.warn("Throttling to avoid being blacklisted")
raise HTTPErrorEx(httplib.SERVICE_UNAVAILABLE, "Request throttled", headers={"Retry-After", str(_email_throttler.interval_sec)})
db_sess = self.db_session()
try:
token = users.get_token(db_sess, address)
db_sess.commit()
except ValueError:
# To avoid revealing who subscribes to our service to
# third parties, this must behave identically to the case
# where the email is recognised.
_log.info("Silently ignoring unrecognised email")
else:
user = users.get_details(db_sess, address)
urlbase = self.request.protocol + "://" + self.request.host + \
settings.EMAIL_RECOVERY_PATH
mail.send_recovery_message(urlbase, user["email"], user["full_name"], token)
self.send_success(httplib.OK)
def test_get_token_again(self):
self.mock_cursor.fetchone.return_value = "etaoinshrdlu", datetime.datetime.now() - datetime.timedelta(seconds=10)
token = users.get_token(self.mock_session, "*****@*****.**")
self.mock_session.execute.assert_called_once_with(ANY, {'email': "*****@*****.**"})
self.assertEquals("etaoinshrdlu", token)
