Fix wording

Changed forgot-password so that it does not expose to the user that the email address does not exist.
Rebecca Law
2016-01-08 16:47:34 +00:00
parent 677f8891b2
commit f7373ee5fc
5 changed files with 14 additions and 23 deletions


@@ -124,14 +124,6 @@ class AddServiceForm(Form):
class ForgotPasswordForm(Form):
email_address = email_address()
def __init__(self, q, *args, **kwargs):
self.query_function = q
super(ForgotPasswordForm, self).__init__(*args, **kwargs)
def validate_email_address(self, a):
if not self.query_function(a.data):
raise ValidationError('The email address is not recognised. Enter the email address you registered with.')
class NewPasswordForm(Form):
new_password = password()


@@ -1,4 +1,4 @@
from flask import render_template, flash
from flask import render_template, flash, current_app
from app.main import main
from app.main.dao import users_dao
from app.main.forms import ForgotPasswordForm
@@ -7,9 +7,12 @@ from app.main.views import send_change_password_email
@main.route('/forgot-password', methods=['GET', 'POST'])
def forgot_password():
form = ForgotPasswordForm(users_dao.get_user_by_email)
form = ForgotPasswordForm()
if form.validate_on_submit():
send_change_password_email(form.email_address.data)
return render_template('views/password-reset-sent.html')
if users_dao.get_user_by_email(form.email_address.data):
send_change_password_email(form.email_address.data)
return render_template('views/password-reset-sent.html')
else:
current_app.logger.info('The email address used does not exist.')
else:
return render_template('views/forgot-password.html', form=form)
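Review bot: The new inner `else` branch in forgot_password only logs and then falls off the end of the function, so a well-formed but unregistered address makes the view return None, which Flask turns into a server error instead of the 200 "password-reset-sent" page; that status difference reintroduces the account-existence oracle the commit sets out to close. Dedent `return render_template('views/password-reset-sent.html')` so it sits after the inner `if`/`else` and both branches render the same page, keeping the log line as it is. The info-level message deliberately omits the submitted address, which is the right call — it keeps the log from becoming a record of probed addresses. The outer `else:` before the final render_template is then redundant and can go.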


@@ -10,7 +10,7 @@ from app.main.views import send_sms_code, check_token
def new_password(token):
email_address = check_token(token)
if not email_address:
flash('The token we sent you has expired. Enter your email address to try again.')
flash('The link in the email we sent you has expired. Enter your email address to resend.')
return redirect(url_for('.forgot_password'))
user = users_dao.get_user_by_email(email_address=email_address.decode('utf-8'))


@@ -10,7 +10,7 @@ GOV.UK Notify |
<div class="column-two-thirds">
<h1 class="heading-xlarge">GOV.UK Notify</h1>
<p>You have been sent an email containing a url to reset your password.</p>
<p>You have been sent an email containing a link to reset your password.</p>
</div>
</div>


@@ -15,13 +15,13 @@ def test_should_redirect_to_password_reset_sent(notifications_admin,
notifications_admin_db,
mocker,
notify_db_session):
_set_up_mocker(mocker)
create_test_user('active')
mocker.patch("app.admin_api_client.send_email")
user = create_test_user('active')
response = notifications_admin.test_client().post('/forgot-password',
data={'email_address': 'test@user.gov.uk'})
data={'email_address': user.email_address})
assert response.status_code == 200
assert 'You have been sent an email containing a url to reset your password.' in response.get_data(as_text=True)
assert 'You have been sent an email containing a link to reset your password.' in response.get_data(
as_text=True)
def test_should_redirect_to_forgot_password_with_flash_message_when_token_is_expired(notifications_admin,
@@ -37,7 +37,3 @@ def test_should_redirect_to_forgot_password_with_flash_message_when_token_is_exp
assert response.status_code == 302
assert response.location == url_for('.forgot_password', _external=True)
notifications_admin.config['TOKEN_MAX_AGE_SECONDS'] = 86400
def _set_up_mocker(mocker):
mocker.patch("app.admin_api_client.send_email")
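Review bot: The behaviour the commit introduces — an unregistered address gets the same response as a registered one — has no test in this file; test_should_redirect_to_password_reset_sent only exercises the known-user path. A second test that posts an address not created by create_test_user and asserts the same 200 status, the same page text and that send_email was not called would pin the non-disclosure property and, as far as the views hunk shows, would currently fail because that branch returns no response. The fixtures below are those already used in this file; the unknown address is a constructed value.
```python
def test_should_not_reveal_unregistered_email_address(notifications_admin,
                                                      notifications_admin_db,
                                                      mocker,
                                                      notify_db_session):
    send_email = mocker.patch("app.admin_api_client.send_email")
    create_test_user('active')
    response = notifications_admin.test_client().post('/forgot-password',
                                                      data={'email_address': 'unregistered@user.gov.uk'})
    assert response.status_code == 200
    assert 'You have been sent an email containing a link to reset your password.' in response.get_data(
        as_text=True)
    send_email.assert_not_called()
```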