mirror of
https://github.com/GSA/notifications-api.git
synced 2026-02-04 10:21:14 -05:00
Include token creation date in the url token.
This commit is contained in:
Rebecca Law
@@ -253,9 +253,9 @@ def email_invited_user(encrypted_invitation):
|
||||
current_app.logger.error(e)
|
||||
|
||||
|
||||
@notify_celery.task(name='send-reset-password')
|
||||
@notify_celery.task(name='email-reset-password')
|
||||
def email_reset_password(encrypted_reset_password_message):
|
||||
reset_password_message = encryption.decrypt(encryption)
|
||||
reset_password_message = encryption.decrypt(encrypted_reset_password_message)
|
||||
try:
|
||||
aws_ses_client.send_email(current_app.config['VERIFY_CODE_FROM_EMAIL_ADDRESS'],
|
||||
reset_password_message['to'],
|
||||
|
||||
@@ -193,26 +193,27 @@ def get_by_email():
|
||||
return jsonify(result="error", message="invalid request"), 400
|
||||
fetched_user = get_user_by_email(email)
|
||||
if not fetched_user:
|
||||
return _user_not_found_for_email(email)
|
||||
return _user_not_found_for_email()
|
||||
result = user_schema.dump(fetched_user)
|
||||
|
||||
return jsonify(data=result.data)
|
||||
|
||||
|
||||
@user.route('/reset-password', methods=['POST'])
|
||||
def send_reset_password():
|
||||
def send_user_reset_password():
|
||||
email, errors = email_data_request_schema.load(request.get_json())
|
||||
if errors:
|
||||
return jsonify(result="error", message=errors), 400
|
||||
|
||||
user_to_send_to = get_user_by_email(email['email'])
|
||||
if not user_to_send_to:
|
||||
return _user_not_found_for_email(email['email'])
|
||||
return _user_not_found_for_email()
|
||||
|
||||
reset_password_message = {'to': user_to_send_to.email_address,
|
||||
'reset_password_url': _create_reset_password_url(user_to_send_to.email_address)}
|
||||
|
||||
email_reset_password.apply_async([encryption.encrypt(reset_password_message)], queue='send-reset-password')
|
||||
email_reset_password.apply_async([encryption.encrypt(reset_password_message)], queue='email-reset-password')
|
||||
|
||||
return jsonify({}), 204
|
||||
|
||||
|
||||
@@ -220,12 +221,14 @@ def _user_not_found(user_id):
|
||||
return abort(404, 'User not found for id: {}'.format(user_id))
|
||||
|
||||
|
||||
def _user_not_found_for_email(email):
|
||||
return abort(404, 'User not found for email address: {}'.format(email))
|
||||
def _user_not_found_for_email():
|
||||
return abort(404, 'User not found for email address')
|
||||
|
||||
|
||||
def _create_reset_password_url(email):
|
||||
from utils.url_safe_token import generate_token
|
||||
token = generate_token(email, current_app.config['SECRET_KEY'], current_app.config['DANGEROUS_SALT'])
|
||||
import json
|
||||
data = json.dumps({'email': email, 'created_at': str(datetime.now())})
|
||||
token = generate_token(data, current_app.config['SECRET_KEY'], current_app.config['DANGEROUS_SALT'])
|
||||
|
||||
return current_app.config['ADMIN_BASE_URL'] + '/new-password/' + token
|
||||
|
||||
@@ -48,7 +48,7 @@ class Config(object):
|
||||
Queue('email', Exchange('default'), routing_key='email'),
|
||||
Queue('sms-code', Exchange('default'), routing_key='sms-code'),
|
||||
Queue('email-code', Exchange('default'), routing_key='email-code'),
|
||||
Queue('email-forgot-password', Exchange('default'), routing_key='email-forgot-password'),
|
||||
Queue('email-reset-password', Exchange('default'), routing_key='email-reset-password'),
|
||||
Queue('process-job', Exchange('default'), routing_key='process-job'),
|
||||
Queue('bulk-sms', Exchange('default'), routing_key='bulk-sms'),
|
||||
Queue('bulk-email', Exchange('default'), routing_key='bulk-email'),
|
||||
|
||||
@@ -299,7 +299,7 @@ def test_get_user_by_email_not_found_returns_404(notify_api,
|
||||
assert resp.status_code == 404
|
||||
json_resp = json.loads(resp.get_data(as_text=True))
|
||||
assert json_resp['result'] == 'error'
|
||||
assert json_resp['message'] == 'User not found for email address: {}'.format('no_user@digital.gov.uk')
|
||||
assert json_resp['message'] == 'User not found for email address'
|
||||
|
||||
|
||||
def test_get_user_by_email_bad_url_returns_404(notify_api,
|
||||
@@ -430,63 +430,60 @@ def test_set_user_permissions_remove_old(notify_api,
|
||||
assert query.first().permission == MANAGE_SETTINGS
|
||||
|
||||
|
||||
def test_send_reset_password_should_send_reset_password_link(notify_api,
|
||||
sample_user,
|
||||
mocker):
|
||||
def test_send_user_reset_password_should_send_reset_password_link(notify_api,
|
||||
sample_user,
|
||||
mocker,
|
||||
mock_encryption):
|
||||
with notify_api.test_request_context():
|
||||
with notify_api.test_client() as client:
|
||||
mocker.patch('app.celery.tasks.email_reset_password.apply_async')
|
||||
data = json.dumps({'email': sample_user.email_address})
|
||||
auth_header = create_authorization_header(
|
||||
path=url_for('user.send_reset_password'),
|
||||
path=url_for('user.send_user_reset_password'),
|
||||
method='POST',
|
||||
request_body=data)
|
||||
resp = client.post(
|
||||
url_for('user.send_reset_password'),
|
||||
url_for('user.send_user_reset_password'),
|
||||
data=data,
|
||||
headers=[('Content-Type', 'application/json'), auth_header])
|
||||
|
||||
assert resp.status_code == 204
|
||||
from app.user.rest import _create_reset_password_url
|
||||
url = _create_reset_password_url(sample_user.email_address)
|
||||
encrypted = encryption.encrypt({'to': sample_user.email_address, 'reset_password_url': url})
|
||||
app.celery.tasks.email_reset_password.apply_async.assert_called_once_with([encrypted],
|
||||
queue='send-reset-password')
|
||||
app.celery.tasks.email_reset_password.apply_async.assert_called_once_with(['something_encrypted'],
|
||||
queue='email-reset-password')
|
||||
|
||||
|
||||
def test_send_reset_password_should_return_400_when_user_doesnot_exist(notify_api,
|
||||
mocker):
|
||||
def test_send_user_reset_password_should_return_400_when_user_doesnot_exist(notify_api,
|
||||
mocker):
|
||||
with notify_api.test_request_context():
|
||||
with notify_api.test_client() as client:
|
||||
bad_email_address = 'bad@email.gov.uk'
|
||||
data = json.dumps({'email': bad_email_address})
|
||||
auth_header = create_authorization_header(
|
||||
path=url_for('user.send_reset_password'),
|
||||
path=url_for('user.send_user_reset_password'),
|
||||
method='POST',
|
||||
request_body=data)
|
||||
|
||||
resp = client.post(
|
||||
url_for('user.send_reset_password'),
|
||||
url_for('user.send_user_reset_password'),
|
||||
data=data,
|
||||
headers=[('Content-Type', 'application/json'), auth_header])
|
||||
|
||||
assert resp.status_code == 404
|
||||
assert json.loads(resp.get_data(as_text=True))['message'] == 'User not found for email address: {}'.format(
|
||||
bad_email_address)
|
||||
assert json.loads(resp.get_data(as_text=True))['message'] == 'User not found for email address'
|
||||
|
||||
|
||||
def test_send_reset_password_should_return_400_when_data_is_not_email_address(notify_api, mocker):
|
||||
def test_send_user_reset_password_should_return_400_when_data_is_not_email_address(notify_api, mocker):
|
||||
with notify_api.test_request_context():
|
||||
with notify_api.test_client() as client:
|
||||
bad_email_address = 'bad.email.gov.uk'
|
||||
data = json.dumps({'email': bad_email_address})
|
||||
auth_header = create_authorization_header(
|
||||
path=url_for('user.send_reset_password'),
|
||||
path=url_for('user.send_user_reset_password'),
|
||||
method='POST',
|
||||
request_body=data)
|
||||
|
||||
resp = client.post(
|
||||
url_for('user.send_reset_password'),
|
||||
url_for('user.send_user_reset_password'),
|
||||
data=data,
|
||||
headers=[('Content-Type', 'application/json'), auth_header])
|
||||
|
||||
|
||||
Reference in New Issue
Block a user