diff --git a/app/celery/tasks.py b/app/celery/tasks.py index c1306193a..968058fd0 100644 --- a/app/celery/tasks.py +++ b/app/celery/tasks.py @@ -253,9 +253,9 @@ def email_invited_user(encrypted_invitation): current_app.logger.error(e) -@notify_celery.task(name='send-reset-password') +@notify_celery.task(name='email-reset-password') def email_reset_password(encrypted_reset_password_message): - reset_password_message = encryption.decrypt(encryption) + reset_password_message = encryption.decrypt(encrypted_reset_password_message) try: aws_ses_client.send_email(current_app.config['VERIFY_CODE_FROM_EMAIL_ADDRESS'], reset_password_message['to'], diff --git a/app/user/rest.py b/app/user/rest.py index 3e3e1ec00..fbedd452d 100644 --- a/app/user/rest.py +++ b/app/user/rest.py @@ -193,26 +193,27 @@ def get_by_email(): return jsonify(result="error", message="invalid request"), 400 fetched_user = get_user_by_email(email) if not fetched_user: - return _user_not_found_for_email(email) + return _user_not_found_for_email() result = user_schema.dump(fetched_user) return jsonify(data=result.data) @user.route('/reset-password', methods=['POST']) -def send_reset_password(): +def send_user_reset_password(): email, errors = email_data_request_schema.load(request.get_json()) if errors: return jsonify(result="error", message=errors), 400 user_to_send_to = get_user_by_email(email['email']) if not user_to_send_to: - return _user_not_found_for_email(email['email']) + return _user_not_found_for_email() reset_password_message = {'to': user_to_send_to.email_address, 'reset_password_url': _create_reset_password_url(user_to_send_to.email_address)} - email_reset_password.apply_async([encryption.encrypt(reset_password_message)], queue='send-reset-password') + email_reset_password.apply_async([encryption.encrypt(reset_password_message)], queue='email-reset-password') + return jsonify({}), 204 
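Review bot: The name `'email-reset-password'` is now written out separately in the task decorator here, in the `apply_async(..., queue=...)` call in app/user/rest.py and in the `Queue(...)` entry in config.py. The removed lines show these had already drifted apart (`'send-reset-password'` in the code, `'email-forgot-password'` in config.py), which presumably left reset e-mails on a queue no worker consumed. A single shared constant for the three sites would keep that from recurring. Separately, `encryption.decrypt(...)` sits before the `try:`, so a payload that fails to decrypt bypasses the handler, whose except clause lies outside this hunk.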
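Review bot: `send_user_reset_password` still answers 404 for an unknown address and 204 for a known one, so the status code alone reveals whether an account exists even though the address is no longer echoed in the message. The tests send an authorization header, so this looks like an internal API; if so, the calling front end must present the same outcome in both cases. A comment on the not-found branch would record that, e.g. `# 404 must not be surfaced to the end user: it reveals whether the address is registered`. If no caller depends on the 404, returning `jsonify({}), 204` from that branch as well would close the gap at the source, though the tests in this commit assert 404. Nothing in the hunk throttles repeated requests for one address; that may be handled elsewhere.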
@@ -220,12 +221,14 @@ def _user_not_found(user_id): return abort(404, 'User not found for id: {}'.format(user_id)) -def _user_not_found_for_email(email): - return abort(404, 'User not found for email address: {}'.format(email)) +def _user_not_found_for_email(): + return abort(404, 'User not found for email address') def _create_reset_password_url(email): from utils.url_safe_token import generate_token - token = generate_token(email, current_app.config['SECRET_KEY'], current_app.config['DANGEROUS_SALT']) + import json + data = json.dumps({'email': email, 'created_at': str(datetime.now())}) + token = generate_token(data, current_app.config['SECRET_KEY'], current_app.config['DANGEROUS_SALT']) return current_app.config['ADMIN_BASE_URL'] + '/new-password/' + token diff --git a/config.py b/config.py index dd6fa5652..1226e09cc 100644 --- a/config.py +++ b/config.py @@ -48,7 +48,7 @@ class Config(object): Queue('email', Exchange('default'), routing_key='email'), Queue('sms-code', Exchange('default'), routing_key='sms-code'), Queue('email-code', Exchange('default'), routing_key='email-code'), - Queue('email-forgot-password', Exchange('default'), routing_key='email-forgot-password'), + Queue('email-reset-password', Exchange('default'), routing_key='email-reset-password'), Queue('process-job', Exchange('default'), routing_key='process-job'), Queue('bulk-sms', Exchange('default'), routing_key='bulk-sms'), Queue('bulk-email', Exchange('default'), routing_key='bulk-email'), diff --git a/tests/app/user/test_rest.py b/tests/app/user/test_rest.py index 74af49d5a..8dc51b6b2 100644 --- a/tests/app/user/test_rest.py +++ b/tests/app/user/test_rest.py 
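Review bot: `created_at` in `_create_reset_password_url` is written as `str(datetime.now())`, a naive local-time value, so the code that later checks the token's age has to assume the producing host's time zone. `data = json.dumps({'email': email, 'created_at': datetime.utcnow().isoformat()})`, with the consumer updated to match, would make the expiry comparison unambiguous. The timestamp only helps if the code accepting the token rejects old ones; that code is not in this diff and nothing here makes the link single-use, so both are worth confirming. If `generate_token` wraps a timed signer, its own signed timestamp with a maximum age on verification may make the extra field unnecessary. `datetime` is not imported in the visible lines, and `import json` inside the function would normally sit at the top of the module.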
@@ -299,7 +299,7 @@ def test_get_user_by_email_not_found_returns_404(notify_api, assert resp.status_code == 404 json_resp = json.loads(resp.get_data(as_text=True)) assert json_resp['result'] == 'error' - assert json_resp['message'] == 'User not found for email address: {}'.format('no_user@digital.gov.uk') + assert json_resp['message'] == 'User not found for email address' def test_get_user_by_email_bad_url_returns_404(notify_api, 
@@ -430,63 +430,60 @@ def test_set_user_permissions_remove_old(notify_api, assert query.first().permission == MANAGE_SETTINGS -def test_send_reset_password_should_send_reset_password_link(notify_api, - sample_user, - mocker): +def test_send_user_reset_password_should_send_reset_password_link(notify_api, + sample_user, + mocker, + mock_encryption): with notify_api.test_request_context(): with notify_api.test_client() as client: mocker.patch('app.celery.tasks.email_reset_password.apply_async') data = json.dumps({'email': sample_user.email_address}) auth_header = create_authorization_header( - path=url_for('user.send_reset_password'), + path=url_for('user.send_user_reset_password'), method='POST', request_body=data) resp = client.post( - url_for('user.send_reset_password'), + url_for('user.send_user_reset_password'), data=data, headers=[('Content-Type', 'application/json'), auth_header]) assert resp.status_code == 204 - from app.user.rest import _create_reset_password_url - url = _create_reset_password_url(sample_user.email_address) - encrypted = encryption.encrypt({'to': sample_user.email_address, 'reset_password_url': url}) - app.celery.tasks.email_reset_password.apply_async.assert_called_once_with([encrypted], - queue='send-reset-password') + app.celery.tasks.email_reset_password.apply_async.assert_called_once_with(['something_encrypted'], + queue='email-reset-password') -def test_send_reset_password_should_return_400_when_user_doesnot_exist(notify_api, - mocker): +def test_send_user_reset_password_should_return_400_when_user_doesnot_exist(notify_api, + mocker): with notify_api.test_request_context(): with notify_api.test_client() as client: bad_email_address = 'bad@email.gov.uk' data = json.dumps({'email': bad_email_address}) auth_header = create_authorization_header( - path=url_for('user.send_reset_password'), + path=url_for('user.send_user_reset_password'), method='POST', request_body=data) resp = client.post( - url_for('user.send_reset_password'), + 
url_for('user.send_user_reset_password'), data=data, headers=[('Content-Type', 'application/json'), auth_header]) assert resp.status_code == 404 - assert json.loads(resp.get_data(as_text=True))['message'] == 'User not found for email address: {}'.format( - bad_email_address) + assert json.loads(resp.get_data(as_text=True))['message'] == 'User not found for email address' -def test_send_reset_password_should_return_400_when_data_is_not_email_address(notify_api, mocker): +def test_send_user_reset_password_should_return_400_when_data_is_not_email_address(notify_api, mocker): with notify_api.test_request_context(): with notify_api.test_client() as client: bad_email_address = 'bad.email.gov.uk' data = json.dumps({'email': bad_email_address}) auth_header = create_authorization_header( - path=url_for('user.send_reset_password'), + path=url_for('user.send_user_reset_password'), method='POST', request_body=data) resp = client.post( - url_for('user.send_reset_password'), + url_for('user.send_user_reset_password'), data=data, headers=[('Content-Type', 'application/json'), auth_header])