def test_reset_password_accepts_good_password(app, test_app_client):
    """A valid reset token plus an acceptable password renders the success page.

    NOTE(review): only the confirmation heading is asserted. The test does not
    check that the stored credential actually changed, nor that the same token
    is refused on a second use; both are worth covering separately.
    """
    account = UserFactory(user_type=TypeOfUser.RDU_USER)
    reset_url = url_for(
        "auth.reset_password",
        token=generate_token(account.email, app),
        _external=True,
    )
    # NOTE(review): the password literals appear masked ("******") in this
    # listing; presumably the real fixture is a policy-compliant password.
    form_data = {"password": "******", "confirm_password": "******"}

    response = test_app_client.post(reset_url, data=form_data)

    soup = BeautifulSoup(response.data.decode("utf-8"), "html.parser")
    heading = soup.find("h1").text.strip()
    assert heading == "Password updated"
def test_reset_password_rejects_easy_password(app, test_app_client, mock_rdu_user):
    """A weak password posted to the reset endpoint produces the alert message.

    NOTE(review): only the alert text is asserted. The test does not verify
    that the user's existing password was left unchanged after the rejection.
    """
    reset_url = url_for(
        "auth.reset_password",
        token=generate_token(mock_rdu_user.email, app),
        _external=True,
    )
    # NOTE(review): the password literals appear masked ("******") in this
    # listing; presumably the real fixture is a deliberately weak password.
    form_data = {"password": "******", "confirm_password": "******"}

    response = test_app_client.post(reset_url, data=form_data)

    soup = BeautifulSoup(response.data.decode("utf-8"), "html.parser")
    expected = "Your password is too weak. Use a mix of numbers as well as upper and lowercase letters"  # noqa
    alert = soup.find("div", class_="alert-box")
    assert alert.text.strip() == expected
def test_reset_password_rejects_easy_password(app, test_app_client):
    """A weak password posted to the reset endpoint produces the flash message.

    The expected text spells out the policy the form enforces: at least 10
    characters, a mix of numbers, special characters, upper and lowercase
    letters, and no common patterns or repeated characters.

    NOTE(review): only the flash text is asserted. The test does not verify
    that the user's existing password was left unchanged after the rejection.
    """
    account = UserFactory(user_type=TypeOfUser.RDU_USER)
    reset_url = url_for(
        "auth.reset_password",
        token=generate_token(account.email, app),
        _external=True,
    )
    # NOTE(review): the password literals appear masked ("******") in this
    # listing; presumably the real fixture is a deliberately weak password.
    form_data = {"password": "******", "confirm_password": "******"}

    response = test_app_client.post(reset_url, data=form_data)

    soup = BeautifulSoup(response.data.decode("utf-8"), "html.parser")
    # The comparison is exact, so whitespace inside this literal must match the
    # rendered message. NOTE(review): any line breaks the original literal had
    # are not visible in this listing -- confirm against the template.
    expected = """Your password is too weak. It has to be at least 10 characters long and use a mix of numbers, special characters as well as upper and lowercase letters. Avoid using common patterns and repeated characters."""
    flash_body = soup.find("div", class_="eff-flash-message__body")
    assert flash_body.text.strip() == expected
def test_confirm_account_rejects_easy_password(app, test_app_client, mock_rdu_user, db_session):
    """Account confirmation refuses a weak password and shows the alert message.

    The user is switched to inactive before the request so the confirmation
    flow is exercised for an account that has not been activated yet.

    NOTE(review): only the alert text is asserted. The test does not check
    that the account is still inactive after the rejected attempt.
    """
    confirm_token = generate_token(mock_rdu_user.email, app)
    confirm_url = url_for("register.confirm_account", token=confirm_token, _external=True)

    # Persist the inactive state so the view sees it when it loads the user.
    mock_rdu_user.active = False
    db_session.session.add(mock_rdu_user)
    db_session.session.commit()

    # NOTE(review): the password literals appear masked ("******") in this
    # listing; presumably the real fixture is a deliberately weak password.
    form_data = {"password": "******", "confirm_password": "******"}

    response = test_app_client.post(confirm_url, data=form_data, follow_redirects=True)

    soup = BeautifulSoup(response.data.decode("utf-8"), "html.parser")
    expected = "Your password is too weak. Use a mix of numbers as well as upper and lowercase letters"  # noqa
    alert = soup.find("div", class_="alert-box")
    assert alert.text.strip() == expected
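def do_PUT(self):
    """Handle ``PUT /tokens``: return the token for a chat, minting one if needed.

    The body is read using the ``Content-Length`` header, decoded with
    ``unjsonify`` and must carry a ``chat_id`` key. A token already stored in
    ``self._tokens`` for that chat is reused; otherwise a new one is generated
    and recorded in both ``self._tokens`` (chat -> token) and ``self._chats``
    (token -> chat). Success answers 200 with ``{'token': ...}``. Any other
    path, or a malformed request, ends in ``self._make_error_response()``.

    NOTE(review): no caller authentication is visible in this handler. Any
    client that can reach ``/tokens`` and name a ``chat_id`` receives that
    chat's token, including one that already exists -- confirm that access
    control is enforced before this method runs.
    """
    import traceback

    # Upper bound on the request body. A {"chat_id": ...} document is tiny, so
    # larger declared sizes are refused instead of being buffered in memory.
    # NOTE(review): value chosen by the reviewer -- raise it if legitimate
    # payloads are larger.
    max_body_bytes = 64 * 1024

    if self.path == '/tokens':
        try:
            # A missing header yields None on http.server-style header
            # objects; int(None) raises TypeError, handled below.
            content_length = int(self.headers['Content-Length'])
            if not 0 <= content_length <= max_body_bytes:
                # A negative size would make read() consume the stream until
                # EOF; an oversized one lets the client dictate memory use.
                raise ValueError('unacceptable Content-Length: %d' % content_length)
            data = self.rfile.read(content_length)
            obj = unjsonify(data)
            chat_id = obj['chat_id']
            token = self._tokens.get(chat_id)
            if token is None:
                token = generate_token()
                self._tokens[chat_id] = token
                self._chats[token] = chat_id
            self.make_response(code=200,
                               headers={'Content-Type': 'application/json'},
                               json={'token': token})
            return
        except (ValueError, KeyError, TypeError):
            # TypeError covers a missing Content-Length, a body that is not a
            # mapping, and an unhashable chat_id. The trace stays server-side;
            # the client only gets the generic error response below.
            print(traceback.format_exc())
    self._make_error_response()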
def forgot_password():
    """Process the forgot-password form and e-mail a reset link.

    An invalid or unsubmitted form re-renders the page. For a valid
    submission the stripped e-mail address is looked up; when exactly one
    user matches, a token is generated for that address and a message with
    the ``auth.reset_password`` link is sent. Every handled submission ends
    in a redirect back to ``auth.forgot_password``.
    """
    form = ForgotPasswordForm()
    if not form.validate_on_submit():
        return render_template("auth/forgot_password.html", form=form)

    email = form.email.data.strip()
    sent_notice = "Instructions for updating your password have been sent to %s" % email

    try:
        User.query.filter_by(email=email).one()
    except (MultipleResultsFound, NoResultFound) as e:
        # Unknown or ambiguous addresses get the same notice as a successful
        # send, so the response does not reveal whether an account exists.
        current_app.logger.error(e)
        flash(sent_notice)
        return redirect(url_for("auth.forgot_password"))

    reset_token = generate_token(email, current_app)
    reset_link = url_for("auth.reset_password", token=reset_token, _external=True)
    body = render_template("auth/email/reset_instructions.html", confirmation_url=reset_link)
    # NOTE(review): the recipient is the raw form value, while the lookup and
    # the token use the stripped address -- confirm the two cannot differ.
    msg = Message(
        html=body,
        subject="Password reset for the Ethnicity Facts and Figures content management system",
        sender=current_app.config["RDU_EMAIL"],
        recipients=[form.email.data],
    )

    try:
        mail.send(msg)
        flash(sent_notice)
    except Exception as ex:
        # NOTE(review): this distinct error is only reachable after the lookup
        # succeeded, so a delivery failure tells the requester the address is
        # registered. Consider showing the generic notice here as well and
        # relying on the log entry for diagnosis.
        flash("Failed to send password reset email to: %s" % email, "error")
        current_app.logger.error(ex)

    # NOTE(review): no throttling is visible in this view -- confirm that
    # repeated reset requests for one address are rate limited elsewhere.
    return redirect(url_for("auth.forgot_password"))