darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2026-02-01 23:55:58 -05:00
Code Issues Packages Projects Releases Wiki Activity

Include token creation date in the url token.

Browse Source
This commit is contained in:
Rebecca Law
2016-03-07 18:20:20 +00:00
parent 10296f0cc2
commit 5c4ac9d938
4 changed files with 30 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/celery/tasks.py
View File

@@ -253,9 +253,9 @@ def email_invited_user(encrypted_invitation):
current_app.logger.error(e) current_app.logger.error(e)
@notify_celery.task(name='send-reset-password') @notify_celery.task(name='email-reset-password')
def email_reset_password(encrypted_reset_password_message): def email_reset_password(encrypted_reset_password_message):
reset_password_message = encryption.decrypt(encryption) reset_password_message = encryption.decrypt(encrypted_reset_password_message)
try: try:
aws_ses_client.send_email(current_app.config['VERIFY_CODE_FROM_EMAIL_ADDRESS'], aws_ses_client.send_email(current_app.config['VERIFY_CODE_FROM_EMAIL_ADDRESS'],
reset_password_message['to'], reset_password_message['to'],

17
app/user/rest.py
View File

@@ -193,26 +193,27 @@ def get_by_email():
return jsonify(result="error", message="invalid request"), 400 return jsonify(result="error", message="invalid request"), 400
fetched_user = get_user_by_email(email) fetched_user = get_user_by_email(email)
if not fetched_user: if not fetched_user:
return _user_not_found_for_email(email) return _user_not_found_for_email()
result = user_schema.dump(fetched_user) result = user_schema.dump(fetched_user)
return jsonify(data=result.data) return jsonify(data=result.data)
@user.route('/reset-password', methods=['POST']) @user.route('/reset-password', methods=['POST'])
def send_reset_password(): def send_user_reset_password():
email, errors = email_data_request_schema.load(request.get_json()) email, errors = email_data_request_schema.load(request.get_json())
if errors: if errors:
return jsonify(result="error", message=errors), 400 return jsonify(result="error", message=errors), 400
user_to_send_to = get_user_by_email(email['email']) user_to_send_to = get_user_by_email(email['email'])
if not user_to_send_to: if not user_to_send_to:
return _user_not_found_for_email(email['email']) return _user_not_found_for_email()
reset_password_message = {'to': user_to_send_to.email_address, reset_password_message = {'to': user_to_send_to.email_address,
'reset_password_url': _create_reset_password_url(user_to_send_to.email_address)} 'reset_password_url': _create_reset_password_url(user_to_send_to.email_address)}
email_reset_password.apply_async([encryption.encrypt(reset_password_message)], queue='send-reset-password') email_reset_password.apply_async([encryption.encrypt(reset_password_message)], queue='email-reset-password')
return jsonify({}), 204 return jsonify({}), 204
@@ -220,12 +221,14 @@ def _user_not_found(user_id):
return abort(404, 'User not found for id: {}'.format(user_id)) return abort(404, 'User not found for id: {}'.format(user_id))
def _user_not_found_for_email(email): def _user_not_found_for_email():
return abort(404, 'User not found for email address: {}'.format(email)) return abort(404, 'User not found for email address')
def _create_reset_password_url(email): def _create_reset_password_url(email):
from utils.url_safe_token import generate_token from utils.url_safe_token import generate_token
token = generate_token(email, current_app.config['SECRET_KEY'], current_app.config['DANGEROUS_SALT']) import json
data = json.dumps({'email': email, 'created_at': str(datetime.now())})
token = generate_token(data, current_app.config['SECRET_KEY'], current_app.config['DANGEROUS_SALT'])
return current_app.config['ADMIN_BASE_URL'] + '/new-password/' + token return current_app.config['ADMIN_BASE_URL'] + '/new-password/' + token

2
config.py
View File

@@ -48,7 +48,7 @@ class Config(object):
Queue('email', Exchange('default'), routing_key='email'), Queue('email', Exchange('default'), routing_key='email'),
Queue('sms-code', Exchange('default'), routing_key='sms-code'), Queue('sms-code', Exchange('default'), routing_key='sms-code'),
Queue('email-code', Exchange('default'), routing_key='email-code'), Queue('email-code', Exchange('default'), routing_key='email-code'),
Queue('email-forgot-password', Exchange('default'), routing_key='email-forgot-password'), Queue('email-reset-password', Exchange('default'), routing_key='email-reset-password'),
Queue('process-job', Exchange('default'), routing_key='process-job'), Queue('process-job', Exchange('default'), routing_key='process-job'),
Queue('bulk-sms', Exchange('default'), routing_key='bulk-sms'), Queue('bulk-sms', Exchange('default'), routing_key='bulk-sms'),
Queue('bulk-email', Exchange('default'), routing_key='bulk-email'), Queue('bulk-email', Exchange('default'), routing_key='bulk-email'),

37
tests/app/user/test_rest.py
View File

@@ -299,7 +299,7 @@ def test_get_user_by_email_not_found_returns_404(notify_api,
assert resp.status_code == 404 assert resp.status_code == 404
json_resp = json.loads(resp.get_data(as_text=True)) json_resp = json.loads(resp.get_data(as_text=True))
assert json_resp['result'] == 'error' assert json_resp['result'] == 'error'
assert json_resp['message'] == 'User not found for email address: {}'.format('no_user@digital.gov.uk') assert json_resp['message'] == 'User not found for email address'
def test_get_user_by_email_bad_url_returns_404(notify_api, def test_get_user_by_email_bad_url_returns_404(notify_api,
@@ -430,63 +430,60 @@ def test_set_user_permissions_remove_old(notify_api,
assert query.first().permission == MANAGE_SETTINGS assert query.first().permission == MANAGE_SETTINGS
def test_send_reset_password_should_send_reset_password_link(notify_api, def test_send_user_reset_password_should_send_reset_password_link(notify_api,
sample_user, sample_user,
mocker): mocker,
mock_encryption):
with notify_api.test_request_context(): with notify_api.test_request_context():
with notify_api.test_client() as client: with notify_api.test_client() as client:
mocker.patch('app.celery.tasks.email_reset_password.apply_async') mocker.patch('app.celery.tasks.email_reset_password.apply_async')
data = json.dumps({'email': sample_user.email_address}) data = json.dumps({'email': sample_user.email_address})
auth_header = create_authorization_header( auth_header = create_authorization_header(
path=url_for('user.send_reset_password'), path=url_for('user.send_user_reset_password'),
method='POST', method='POST',
request_body=data) request_body=data)
resp = client.post( resp = client.post(
url_for('user.send_reset_password'), url_for('user.send_user_reset_password'),
data=data, data=data,
headers=[('Content-Type', 'application/json'), auth_header]) headers=[('Content-Type', 'application/json'), auth_header])
assert resp.status_code == 204 assert resp.status_code == 204
from app.user.rest import _create_reset_password_url app.celery.tasks.email_reset_password.apply_async.assert_called_once_with(['something_encrypted'],
url = _create_reset_password_url(sample_user.email_address) queue='email-reset-password')
encrypted = encryption.encrypt({'to': sample_user.email_address, 'reset_password_url': url})
app.celery.tasks.email_reset_password.apply_async.assert_called_once_with([encrypted],
queue='send-reset-password')
def test_send_reset_password_should_return_400_when_user_doesnot_exist(notify_api, def test_send_user_reset_password_should_return_400_when_user_doesnot_exist(notify_api,
mocker): mocker):
with notify_api.test_request_context(): with notify_api.test_request_context():
with notify_api.test_client() as client: with notify_api.test_client() as client:
bad_email_address = 'bad@email.gov.uk' bad_email_address = 'bad@email.gov.uk'
data = json.dumps({'email': bad_email_address}) data = json.dumps({'email': bad_email_address})
auth_header = create_authorization_header( auth_header = create_authorization_header(
path=url_for('user.send_reset_password'), path=url_for('user.send_user_reset_password'),
method='POST', method='POST',
request_body=data) request_body=data)
resp = client.post( resp = client.post(
url_for('user.send_reset_password'), url_for('user.send_user_reset_password'),
data=data, data=data,
headers=[('Content-Type', 'application/json'), auth_header]) headers=[('Content-Type', 'application/json'), auth_header])
assert resp.status_code == 404 assert resp.status_code == 404
assert json.loads(resp.get_data(as_text=True))['message'] == 'User not found for email address: {}'.format( assert json.loads(resp.get_data(as_text=True))['message'] == 'User not found for email address'
bad_email_address)
def test_send_reset_password_should_return_400_when_data_is_not_email_address(notify_api, mocker): def test_send_user_reset_password_should_return_400_when_data_is_not_email_address(notify_api, mocker):
with notify_api.test_request_context(): with notify_api.test_request_context():
with notify_api.test_client() as client: with notify_api.test_client() as client:
bad_email_address = 'bad.email.gov.uk' bad_email_address = 'bad.email.gov.uk'
data = json.dumps({'email': bad_email_address}) data = json.dumps({'email': bad_email_address})
auth_header = create_authorization_header( auth_header = create_authorization_header(
path=url_for('user.send_reset_password'), path=url_for('user.send_user_reset_password'),
method='POST', method='POST',
request_body=data) request_body=data)
resp = client.post( resp = client.post(
url_for('user.send_reset_password'), url_for('user.send_user_reset_password'),
data=data, data=data,
headers=[('Content-Type', 'application/json'), auth_header]) headers=[('Content-Type', 'application/json'), auth_header])