def test_fail_expired_pwd_reset_key(self):
email = get_random_email()
pwd_reset_key = "1234"
user_uuid = guid.uuid4()
users.add_user(
uuid=user_uuid,
username=email,
email=email,
system_role="user",
providers=["local"],
activated=datetime.now(),
)
local_users.add_local_user(
user_uuid=user_uuid,
pwd_hash="1234",
pwd_reset_key_hash=hashlib.sha256(
str(pwd_reset_key).encode("utf-8")).hexdigest(),
pwd_reset_key_expires=datetime.now().astimezone() -
timedelta(minutes=10),
force_pwd_change=False,
)
with app.test_client() as c:
response = c.post(
"/users/me/reset-password",
json={
"email": email,
"pwd_reset_key": pwd_reset_key,
"password": "******",
"password_confirmation": "aaa",
},
)
self.assertEqual(response.status_code, 400)
def test_fail_expired_activation_key(self):
email = get_random_email()
activation_key = "1234"
users.add_user(
uuid=guid.uuid4(),
username=email,
email=email,
system_role="user",
providers=[],
activation_key_hash=hashlib.sha256(
str(activation_key).encode("utf-8")).hexdigest(),
activation_key_expires=datetime.now().astimezone() -
timedelta(minutes=10),
)
with app.test_client() as c:
response = c.post(
"/users/me/activate",
json={
"email": email,
"activation_key": activation_key,
"password": "******",
"password_confirmation": "aaa",
},
)
self.assertEqual(response.status_code, 400)
def create_user():
data = request.json
if not data:
return abort(make_response("", 400))
username = data.get("username", None)
role = data.get("role", None)
password = data.get("password", None)
password_confirmation = data.get("password_confirmation", None)
if not username or not password or not role:
return abort(make_response("", 400))
if password != password_confirmation:
return abort(make_response("", 400))
if role not in ["admin", "user"]:
return abort(make_response("", 400))
if users.get_by_username(username) is not None:
return abort(make_response("", 409))
pwd_hash = bcrypt.hashpw(password.encode("utf8"), bcrypt.gensalt())
new_uuid = uuid.uuid4()
users.add_user(uuid=new_uuid,
username=username,
role=role,
providers=["local"])
local_users.add_local_user(user_uuid=new_uuid,
pwd_hash=pwd_hash.decode("utf8"),
force_pwd_change=True)
return (
jsonify({
"uuid": str(new_uuid),
"username": username,
"role": role,
"suspended": False,
}),
201,
)
def setUp(self):
self.email = get_random_email()
self.activation_key = guid.uuid4()
self.user_uuid = guid.uuid4()
users.add_user(
uuid=self.user_uuid,
username=self.email,
email=self.email,
system_role="user",
providers=[],
activation_key_hash=hashlib.sha256(
str(self.activation_key).encode("utf-8")).hexdigest(),
activation_key_expires=datetime.now().astimezone() +
timedelta(minutes=10),
)
def create_inactive_user():
data = request.json
if not data:
return abort(make_response(jsonify(message="Missing payload"), 400))
email = data.get("email", "").lstrip().rstrip().lower()
if not email or not is_email(email):
return abort(
make_response(jsonify(message="Missing or bad email"), 400))
existing = users.get_by_email(email)
# activated users
if existing and existing["activated"] is not None:
return "", 202
activation_key = guid.uuid4()
activation_key_expires = datetime.now().astimezone() + timedelta(
minutes=10)
# reissue activation_key
if existing:
users.update_user(
uuid=existing["uuid"],
activation_key_hash=hashlib.sha256(
str(activation_key).encode("utf-8")).hexdigest(),
activation_key_expires=activation_key_expires,
)
# completely new user
else:
users.add_user(
uuid=guid.uuid4(),
username=email,
email=email,
system_role="user",
providers=[],
activation_key_hash=hashlib.sha256(
str(activation_key).encode("utf-8")).hexdigest(),
activation_key_expires=activation_key_expires,
)
send_mail.delay(
[email],
"REGISTRATION_VERIFICATION_EMAIL",
{
"activation_key": activation_key,
"activation_key_expires": int(activation_key_expires.timestamp()),
"email": email,
},
)
return "", 202
def setUp(self):
self.email = get_random_email()
self.pwd_reset_key = guid.uuid4()
self.user_uuid = guid.uuid4()
users.add_user(
uuid=self.user_uuid,
username=self.email,
email=self.email,
system_role="user",
providers=["local"],
activated=datetime.now(),
)
local_users.add_local_user(
user_uuid=self.user_uuid,
pwd_hash="1234",
pwd_reset_key_hash=hashlib.sha256(
str(self.pwd_reset_key).encode("utf-8")).hexdigest(),
pwd_reset_key_expires=datetime.now().astimezone() +
timedelta(minutes=10),
force_pwd_change=False,
)
def create_inactive_user(email):
existing = users.get_by_email(email)
# activated users
if existing and existing["activated"] is not None:
return {"created": False, "user_uuid": existing["uuid"]}
activation_key = guid.uuid4()
activation_key_expires = datetime.now().astimezone() + timedelta(
minutes=10)
user_uuid = guid.uuid4()
# reissue activation_key
if existing:
users.update_user(
uuid=existing["uuid"],
activation_key_hash=hashlib.sha256(
str(activation_key).encode("utf-8")).hexdigest(),
activation_key_expires=activation_key_expires,
)
user_uuid = existing["uuid"]
# completely new user
else:
users.add_user(
uuid=user_uuid,
username=email,
email=email,
system_role="user",
providers=[],
activation_key_hash=hashlib.sha256(
str(activation_key).encode("utf-8")).hexdigest(),
activation_key_expires=activation_key_expires,
)
return {
"created": True,
"activation_key": str(activation_key),
"activation_key_expires": activation_key_expires,
"email": email,
"user_uuid": user_uuid,
}
def add_user_to_org(org_uuid):
data = request.json
if not data:
return abort(make_response(jsonify(message="Missing payload"), 400))
email = data.get("email", None)
org_role = data.get("role", None)
if not email or not org_role:
return abort(make_response(jsonify(message="Missing email"), 400))
if org_role not in ["admin", "user"]:
return abort(make_response(jsonify(message="Bad role"), 400))
email = email.lstrip().rstrip().lower()
if not is_email(email):
return abort(make_response(jsonify(message="Invalid email"), 400))
existing = users.get_by_email(email)
# completely new user
if existing is None:
user_uuid = guid.uuid4()
activation_key = guid.uuid4()
activation_key_expires = datetime.now().astimezone() + timedelta(hours=24)
users.add_user(
uuid=user_uuid,
email=email,
username=email,
system_role="user",
providers=[],
activation_key_hash=hashlib.sha256(
str(activation_key).encode("utf-8")
).hexdigest(),
activation_key_expires=activation_key_expires,
)
else:
user_uuid = existing.get("uuid", None)
# an activated account that already has a role in this organization
if (
organization_roles.get_organization_role(org_uuid, user_uuid)
and existing["activated"]
):
return abort(make_response(jsonify(message="User already exists"), 409))
# an account that is not activated but has already been sent an invite
activation_key = guid.uuid4()
activation_key_expires = datetime.now().astimezone() + timedelta(hours=24)
users.update_user(
uuid=user_uuid,
activation_key_hash=hashlib.sha256(
str(activation_key).encode("utf-8")
).hexdigest(),
activation_key_expires=activation_key_expires,
)
organization = organizations.get_by_uuid(org_uuid)
organization_roles.set_organization_role(org_uuid, user_uuid, org_role)
if existing is None or existing["activated"] is None:
send_mail.delay(
[email],
"REGISTRATION_VERIFICATION_EMAIL",
{
"activation_key": activation_key,
"activation_key_expires": int(activation_key_expires.timestamp()),
"email": email,
"inviter_username": get_current_user()["username"],
"organization_name": organization["name"],
"organization_uuid": organization["uuid"],
},
)
else:
send_mail.delay(
[email],
"ORGANIZATION_INVITATION",
{
"email": email,
"inviter_username": get_current_user()["username"],
"organization_name": organization["name"],
"organization_uuid": organization["uuid"],
},
)
return (
jsonify(
{
"uuid": str(user_uuid),
"username": existing["username"] if existing else email,
"email": email,
"role": org_role,
"activated": existing["activated"] is not None if existing else False,
}
),
201,
)