def password_email(user): """ For resetting a user's password. """ from r2.lib.pages import PasswordReset reset_count_key = "email-reset_count_%s" % user._id g.cache.add(reset_count_key, 0, time=3600 * 12) if g.cache.incr(reset_count_key) > 3: return False reset_count_global = "email-reset_count_global" g.cache.add(reset_count_global, 0, time=3600) if g.cache.incr(reset_count_global) > 1000: raise ValueError( "Somebody's beating the hell out of the password reset box") token = PasswordResetToken._new(user) base = g.https_endpoint or g.origin passlink = base + '/resetpassword/' + token._id g.log.info("Generated password reset link: " + passlink) _system_email( user.email, PasswordReset(user=user, passlink=passlink).render(style='email'), Email.Kind.RESET_PASSWORD, user=user, ) return True
def password_email(user): """ For resetting a user's password. """ from r2.lib.pages import PasswordReset reset_count_key = "email-reset_count_%s" % user._id g.cache.add(reset_count_key, 0, time=3600 * 12) if g.cache.incr(reset_count_key) > 3: return False reset_count_global = "email-reset_count_global" g.cache.add(reset_count_global, 0, time=3600) if g.cache.incr(reset_count_global) > 1000: raise ValueError("Somebody's beating the hell out of the password reset box") token = PasswordResetToken._new(user) base = g.https_endpoint or g.origin passlink = base + '/resetpassword/' + token._id g.log.info("Generated password reset link: " + passlink) _system_email(user.email, PasswordReset(user=user, passlink=passlink).render(style='email'), Email.Kind.RESET_PASSWORD) return True
def password_email(user): """ For resetting a user's password. """ from r2.lib.pages import PasswordReset user_reset_ratelimit = SimpleRateLimit( name="email_reset_count_%s" % user._id36, seconds=int(datetime.timedelta(hours=12).total_seconds()), limit=3, ) if not user_reset_ratelimit.record_and_check(): return False global_reset_ratelimit = SimpleRateLimit( name="email_reset_count_global", seconds=int(datetime.timedelta(hours=1).total_seconds()), limit=1000, ) if not global_reset_ratelimit.record_and_check(): raise ValueError("password reset ratelimit exceeded") token = PasswordResetToken._new(user) base = g.https_endpoint or g.origin passlink = base + '/resetpassword/' + token._id g.log.info("Generated password reset link: " + passlink) _system_email( user.email, PasswordReset(user=user, passlink=passlink).render(style='email'), Email.Kind.RESET_PASSWORD, user=user, ) return True
def password_email(user): """ For resetting a user's password. """ from r2.lib.pages import PasswordReset user_reset_ratelimit = SimpleRateLimit( name="email_reset_count_%s" % user._id36, seconds=int(datetime.timedelta(hours=12).total_seconds()), limit=3, ) if not user_reset_ratelimit.record_and_check(): return False global_reset_ratelimit = SimpleRateLimit( name="email_reset_count_global", seconds=int(datetime.timedelta(hours=1).total_seconds()), limit=1000, ) if not global_reset_ratelimit.record_and_check(): raise ValueError("password reset ratelimit exceeded") token = PasswordResetToken._new(user) base = g.https_endpoint or g.origin passlink = base + '/resetpassword/' + token._id g.log.info("Generated password reset link: " + passlink) _system_email(user.email, PasswordReset(user=user, passlink=passlink).render(style='email'), Email.Kind.RESET_PASSWORD, user=user, ) return True
def setUp(self): super(ResetPasswordTest, self).setUp() self.user = MagicMock(name="user") self.user._fullname = "test_user" self.user.email = "*****@*****.**" self.user._banned = False self.user.password = CURRENT_PW_BCRYPT self.token = PasswordResetToken._new(self.user)