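def reset_password(email):
    """
    Reset a user's password. The request must carry the unique code
    that was last issued for this email.

    Form fields read from the request:
        code:     the unique code the caller received
        password: the new password (at least 4 characters)

    Returns "OK" on success. Returns a 400 error built with make_error
    when the code is missing or does not match, when the password is
    missing or too short, or when no user is found for the email.
    """
    last_code = UniqueCode.last_code(email)
    code = request.form.get("code", None)

    # A missing value must never count as a match. Without these guards a
    # request that omits "code" would pass the comparison whenever
    # last_code() yields None (e.g. no code stored for this email; the
    # return value for that case is not visible here), because
    # None == None is True.
    if code is None or last_code is None or not (last_code == code):
        return make_error(400, "Invalid code")

    password = request.form.get("password", None)
    # A request without a "password" field would otherwise reach len(None)
    # and fail with a TypeError instead of a clean 400.
    # NOTE(review): a 4-character minimum is very low; consider aligning it
    # with the project's password policy.
    if password is None or len(password) < 4:
        return make_error(400, "Password should be at least 4 characters long")

    user = User.find(email)
    if user is None:
        return make_error(400, "Email unknown")

    user.update_password(password)

    # Invalidate every outstanding code for this email in the same
    # transaction as the password change, so a failure in between cannot
    # leave the code that was just used still valid.
    for stale_code in UniqueCode.all_codes_for(email):
        db_session.delete(stale_code)
    db_session.commit()

    return "OK"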
def test_reset_password_returns_400_if_password_too_short(self):
    # A reset request whose password fails the length check must get a 400.
    # Store a fresh code for the test account so the submitted code matches.
    reset_code = UniqueCode(TEST_EMAIL)
    zeeguu_core.db.session.add(reset_code)
    zeeguu_core.db.session.commit()

    # NOTE(review): the password literal shown here is six characters and
    # looks like a masked value; confirm the real fixture is shorter than
    # the minimum the endpoint enforces.
    payload = {"code": reset_code, "password": "******"}
    response = self.api_post("/reset_password/" + TEST_EMAIL, payload)

    # NOTE(review): the endpoint also answers 400 for a wrong code, so the
    # status alone does not show which check rejected the request.
    assert response.status_code == 400
def test_reset_password_returns_400_invalid_code(self):
    # A reset request carrying a code that was never issued must get a 400.
    # A genuine code is stored first, so the rejection is caused by the
    # mismatch and not by the absence of any code for the account.
    issued_code = UniqueCode(TEST_EMAIL)
    zeeguu_core.db.session.add(issued_code)
    zeeguu_core.db.session.commit()

    payload = {"code": "thiswontwork", "password": "******"}
    response = self.api_post("/reset_password/" + TEST_EMAIL, payload)

    assert response.status_code == 400
def test_reset_password(self):
    # Happy path: a stored code plus a new password yields a 200.
    issued_code = UniqueCode(TEST_EMAIL)
    zeeguu_core.db.session.add(issued_code)
    zeeguu_core.db.session.commit()

    # The UniqueCode object itself is placed in the form data, as in the
    # original; how it is serialised is decided by api_post (not shown).
    payload = {"code": issued_code, "password": "******"}
    response = self.api_post("/reset_password/" + TEST_EMAIL, payload)

    assert response.status_code == 200
def send_code(email):
    """
    Create a unique code for the given email address, store it, and
    mail it to that address so the user can change his/her password.

    Always returns "OK".
    """
    # NOTE(review): nothing in this block checks that the address belongs
    # to a known user, so a code row is stored and a mail is sent for
    # whatever address is supplied; any throttling of this endpoint would
    # have to live outside this function. Confirm that is intended.
    reset_code = UniqueCode(email)
    db_session.add(reset_code)
    # Persist the code before mailing it, so the code the user receives
    # is already stored when they submit it.
    db_session.commit()
    send_password_reset_email(email, reset_code)
    return "OK"
def test_reset_password_cant_use_old_password(self):
    # After a successful reset, logging in with the previous password
    # (TEST_PASS) must be refused with a 401.
    issued_code = UniqueCode(TEST_EMAIL)
    zeeguu_core.db.session.add(issued_code)
    zeeguu_core.db.session.commit()

    # NOTE(review): the status of the reset call itself is not asserted
    # here; only the following login attempt is checked.
    reset_payload = {"code": issued_code, "password": "******"}
    self.api_post('/reset_password/' + TEST_EMAIL, reset_payload)

    login_payload = {"password": TEST_PASS}
    login_response = self.api_post('/session/' + TEST_EMAIL, login_payload)

    assert login_response.status_code == 401
def send_code(email):
    """
    Create a unique code for the given email address, store it, and
    mail it to that address so the user can change his/her password.

    Returns bad_request("Email unknown") when User.find raises
    NoResultFound for the address, otherwise "OK".
    """
    # Imported inside the function, as in the original.
    from zeeguu_core.emailer.password_reset import send_password_reset_email

    # Only the lookup's failure matters here; its result is not used.
    # NOTE(review): the distinct "Email unknown" answer tells the caller
    # whether an address is registered. If that disclosure is not wanted,
    # a uniform response for both cases would avoid it.
    try:
        User.find(email)
    except sqlalchemy.orm.exc.NoResultFound:
        return bad_request("Email unknown")

    reset_code = UniqueCode(email)
    db_session.add(reset_code)
    # Persist the code before mailing it.
    db_session.commit()
    send_password_reset_email(email, reset_code)
    return "OK"
def reset_password(email):
    """
    Set a new password for the user with this email, authorised by the
    unique code submitted in the form.

    Reads "code" and "password" from the request form. Returns a
    bad_request response when the code check fails, the password check
    fails, or no user is found. Otherwise it updates the password,
    deletes all codes for the email, commits, and returns "OK".
    """
    submitted_code = request.form.get("code", None)
    submitted_pass = request.form.get("password", None)

    # NOTE(review): the user is tested against None further down. If
    # User.find raises for an unknown email instead of returning None,
    # that branch is never reached and the exception escapes from this
    # line. Confirm against User.find.
    user = User.find(email)
    stored_code = UniqueCode.last_code(email)

    # NOTE(review): both values can presumably be None (missing form
    # field, no stored code); confirm submitted_code_is_wrong rejects
    # that combination.
    if submitted_code_is_wrong(stored_code, submitted_code):
        return bad_request("Invalid code")

    if password_is_too_short(submitted_pass):
        return bad_request("Password is too short")

    if user is None:
        return bad_request("Email unknown")

    user.update_password(submitted_pass)
    # The password change and the code deletions share the single commit
    # below.
    delete_all_codes_for_email(email)
    db_session.commit()

    return "OK"
def delete_all_codes_for_email(email):
    """
    Mark every unique code stored for this email for deletion.

    Does not commit; the caller has to commit db_session.
    """
    for stale_code in UniqueCode.all_codes_for(email):
        db_session.delete(stale_code)