From ba337374fd4c0bea811bf3016e6ee48ae7bb1f47 Mon Sep 17 00:00:00 2001
From: Rebecca Law
Date: Tue, 8 Mar 2016 14:33:06 +0000
Subject: [PATCH] - Remove password_changed_at from the update_dict in users_dao
 - Format dates in UserSchema
 - Properly formatted subject and message body for the password reset email
 - Add name to the message for reset password
---
 app/celery/tasks.py | 15 +++++++++++++--
 app/dao/users_dao.py | 1 +
 app/schemas.py | 2 ++
 app/user/rest.py | 1 +
 tests/app/celery/test_tasks.py | 6 ++++--
 5 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/app/celery/tasks.py b/app/celery/tasks.py
index 968058fd0..5dbf89597 100644
--- a/app/celery/tasks.py
+++ b/app/celery/tasks.py
@@ -253,13 +253,24 @@ def email_invited_user(encrypted_invitation):
 current_app.logger.error(e)
+def password_reset_message(name, url):
+ from string import Template
+ t = Template("Hi $user_name,\n\n"
+ "We received a request to reset your password on GOV.UK Notify.\n\n"
+ "If you didn't request this email, you can ignore it – your password has not been changed.\n\n"
+ "To reset your password, click this link:\n\n"
+ "$url")
+ return t.substitute(user_name=name, url=url)
+
+
 @notify_celery.task(name='email-reset-password')
 def email_reset_password(encrypted_reset_password_message):
 reset_password_message = encryption.decrypt(encrypted_reset_password_message)
 try:
 aws_ses_client.send_email(current_app.config['VERIFY_CODE_FROM_EMAIL_ADDRESS'], reset_password_message['to'],
- "Reset password for GOV.UK Notify",
- reset_password_message['reset_password_url'])
+ "Reset your GOV.UK Notify password",
+ password_reset_message(name=reset_password_message['name'],
+ url=reset_password_message['reset_password_url']))
 except AwsSesClientException as e:
 current_app.logger.error(e)
diff --git a/app/dao/users_dao.py b/app/dao/users_dao.py
index 19e70302d..cfaf4cdb8 100644
--- a/app/dao/users_dao.py
+++ b/app/dao/users_dao.py
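Review bot: In `email_reset_password` (app/celery/tasks.py), `reset_password_message['name']` raises `KeyError` for any payload that lacks the new key, and the surrounding `try` only catches `AwsSesClientException`, so such a task would fail without sending the reset email. Whether payloads enqueued before this change can still be on the `email-reset-password` queue at deploy time is not visible here, but a tolerant read such as `name=reset_password_message.get('name', '')` would cover that window. Separately, `from string import Template` inside `password_reset_message` would read better as a module-level import, and a one-line docstring noting that `name` is user-supplied text inserted verbatim into the email body would help the next reader.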
@@ -16,6 +16,7 @@ def save_model_user(usr, update_dict={}, pwd=None):
 if update_dict:
 if update_dict.get('id'):
 del update_dict['id']
+ update_dict.pop('password_changed_at')
 db.session.query(User).filter_by(id=usr.id).update(update_dict)
 else:
 db.session.add(usr)
diff --git a/app/schemas.py b/app/schemas.py
index 2673f999a..b66898b2c 100644
--- a/app/schemas.py
+++ b/app/schemas.py
@@ -61,6 +61,8 @@ class BaseSchema(ma.ModelSchema):
 class UserSchema(BaseSchema):
 permissions = fields.Method("user_permissions", dump_only=True)
+ password_changed_at = field_for(models.User, 'password_changed_at', format='%Y-%m-%d %H:%M:%S.%f')
+ created_at = field_for(models.User, 'created_at', format='%Y-%m-%d %H:%M:%S.%f')
 def user_permissions(self, usr):
 retval = {}
diff --git a/app/user/rest.py b/app/user/rest.py
index fbedd452d..d0c4e9746 100644
--- a/app/user/rest.py
+++ b/app/user/rest.py
@@ -210,6 +210,7 @@ def send_user_reset_password():
 return _user_not_found_for_email()
 reset_password_message = {'to': user_to_send_to.email_address,
+ 'name': user_to_send_to.name,
 'reset_password_url': _create_reset_password_url(user_to_send_to.email_address)}
 email_reset_password.apply_async([encryption.encrypt(reset_password_message)], queue='email-reset-password')
diff --git a/tests/app/celery/test_tasks.py b/tests/app/celery/test_tasks.py
index 0e2acef20..2b093fbba 100644
--- a/tests/app/celery/test_tasks.py
+++ b/tests/app/celery/test_tasks.py
@@ -514,6 +514,7 @@ def test_email_invited_user_should_send_email(notify_api, mocker):
 def test_email_reset_password_should_send_email(notify_api, mocker):
 with notify_api.test_request_context():
 reset_password_message = {'to': 'someone@it.gov.uk',
+ 'name': 'Some One',
 'reset_password_url': 'bah'}
 mocker.patch('app.aws_ses_client.send_email')
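Review bot: In `save_model_user` (app/dao/users_dao.py), `update_dict.pop('password_changed_at')` has no default, so the call raises `KeyError` whenever a caller passes an update dict that does not contain that key; `update_dict.pop('password_changed_at', None)` removes it when present and is a no-op otherwise. Stripping individual keys (here and in the existing `del update_dict['id']`) is a denylist: if `update_dict` originates from request data, which this hunk does not show, an allowlist of updatable columns applied before `.update(update_dict)` would be the sturdier guard against clients setting server-managed fields. The function begins above the hunk, so the handling of `pwd` is not visible here.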
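Review bot: In `UserSchema` (app/schemas.py), the new `password_changed_at` and `created_at` fields are declared without `dump_only=True`, unlike `permissions` directly above them. If this schema is also used to load request bodies (not visible in the hunk), both timestamps remain client-settable at the schema layer, which is presumably why `users_dao.py` strips `password_changed_at` by hand in this same commit; `password_changed_at = field_for(models.User, 'password_changed_at', format='%Y-%m-%d %H:%M:%S.%f', dump_only=True)` (and the same for `created_at`) would state that once. The format string is repeated on both lines and could be a single module-level constant. The class body continues past the end of the hunk.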
@@ -521,8 +522,9 @@ def test_email_reset_password_should_send_email(notify_api, mocker):
 encrypted_message = encryption.encrypt(reset_password_message)
 email_reset_password(encrypted_message)
-
+ message = tasks.password_reset_message(reset_password_message['name'],
+ reset_password_message['reset_password_url'])
 aws_ses_client.send_email(current_app.config['VERIFY_CODE_FROM_EMAIL_ADDRESS'], reset_password_message['to'], "Reset password for GOV.UK Notify",
- reset_password_message['reset_password_url'])
+ message)
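Review bot: The final statement of `test_email_reset_password_should_send_email` calls the patched `aws_ses_client.send_email(...)` rather than asserting on it, so the test checks nothing about what `email_reset_password` actually sent. The hunk itself shows the gap: the expected subject here is still `"Reset password for GOV.UK Notify"` while the task in this commit sends `"Reset your GOV.UK Notify password"`, and the test presumably still passes. Changing the call to `aws_ses_client.send_email.assert_called_once_with(` and the subject literal to `"Reset your GOV.UK Notify password",` would make the test pin the recipient, subject and body of the reset email. The test function starts above the hunk.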