Commit Graph

30 Commits

Author SHA1 Message Date
Leo Hemsted
b2756ac99d add email code verification
by hitting POST /<user_id>/email-code, we create an email two factor
code to send to the user. That email contains a link with a token that
will sign the user in when opened.

Also some other things:

"email verification" (aka when you first create an account) doesn't
hit the API anymore

refactor 2fa code verification and sending to use jsonschema, and share code between sms and email

Die marshmallow die!
2017-11-07 16:45:49 +00:00
venusbb
332fe14680 fixed pep 8 issues 2017-06-13 18:11:13 +01:00
venusbb
270173fd5c 2FA use secret cryptography 2017-06-09 17:15:51 +01:00
venusbb
a0640bb803 Generate 2FA secret code cryptographically instead of using random number 2017-06-09 16:19:30 +01:00
Leo Hemsted
521872ce63 update_user now resets failed_login_count if password is changed
until work is done to stop using PUT /user/{id} on the admin app, this
function also needs to reset failed logins, cos it's used during the
forgotten password flow
2017-02-16 17:39:47 +00:00
Leo Hemsted
ac9739f8a2 ensure we reset failed_login_count when appropriate
in verify_user_password, if successful we reset the failed_login_count.
now we use failed_login_count for 2FA attempts, we need to make sure we
reset it in other places too, so that people don't get blocked,
especially in the reset-password user journey.

* verify_user_code - if it's successful, reset the failed_login_count
* update_password - reset failed_login_count because either
  * you're logged in and so it's 0 anyway
  * you're resetting your password via pword reset link, and the old
    count isn't relevant anymore
2017-02-16 16:00:40 +00:00
Leo Hemsted
b4036e062d rework query to use count() 2017-02-16 12:44:40 +00:00
Rebecca Law
ed4b9d34a6 Changes as per code review comments.
Fix my backward date math :P
2017-02-15 17:41:07 +00:00
Rebecca Law
52342afe3f Add a limit to the number of active 2fa codes that we create. At the moment that is set to 10. 2017-02-15 16:18:05 +00:00
Rebecca Law
5f48367ee5 Set the expiry time on a verify code (2fa) to 10 minutes.
When the verify code is wrong or expired increment the failed to login count for the user.
When the verify code is successfully used reset the failed login count to 0.
2017-02-14 14:04:11 +00:00
Imdad Ahad
ac48e4c944 Add separate method to update user password 2017-02-07 11:05:15 +00:00
Imdad Ahad
3f10e59db3 Add user dao method to update a single user attr 2016-11-07 17:42:39 +00:00
Rebecca Law
0f9a019945 Make the get_user_by_email_address case insensitive. 2016-05-20 13:43:31 +01:00
Nicholas Staples
03f15d6af9 Update now to utcnow. All tests passing. 2016-05-11 10:56:24 +01:00
Nicholas Staples
d40d9f76d4 Purge functional tests command added with passing test.
Code quality fix.
2016-05-06 11:16:30 +01:00
Rebecca Law
e055590b07 Changed db queries to use one, which throws NoResultFound exception, this exception is dealt with in our error handlers.
Now a lot of the if none checks can be removed.
2016-03-11 12:39:55 +00:00
Martyn Inglis
c8a5366484 Scheduled tasks to clean up the database
- tasks run hourly
- uses celery beat to schedule the tasks

4 new tasks
- delete verify codes (after 1 day)
- delete invitations (after 1 day)
- delete successful notifications (after 1 day)
- delete failed notifications (after 7 days)

Delete methods in the DAO classes
2016-03-09 17:46:01 +00:00
Rebecca Law
ba337374fd - Remove password_changed_at from the update_dict in users_dao
- Format dates in UserSchema
- Properly formatted subject and message body for the password reset email
- Add name to the message for reset password
2016-03-08 14:33:06 +00:00
Adam Shimali
21e791b25c Add endpoint for getting user by email address 2016-02-23 11:03:59 +00:00
Martyn Inglis
dc294c32ae Fix all other dependent classes that are affected by the DAO / Service / Model changes 2016-02-19 15:54:11 +00:00
Adam Shimali
806b3f6851 If failed login count > 0 and user subsequently logs in successfully,
then failed logins set to 0.
2016-01-28 11:58:33 +00:00
Nicholas Staples
66c1d858ac Added support for allowing password to be updated from the PUT request to the user rest endpoint. 2016-01-28 11:41:21 +00:00
Rebecca Law
5dc48f8a01 Updated send user code to use an optional to field to send emails
Added tests for send_user_code
2016-01-27 11:51:02 +00:00
Adam Shimali
d62b5bdce7 Record and persist failed login count on api. 2016-01-25 11:14:23 +00:00
Nicholas Staples
6b035cd324 All tests working, second time around. 2016-01-21 17:29:24 +00:00
Adam Shimali
f839bae1f5 Add rest of user model fields to api.
First step to moving user interactions to api.
2016-01-19 11:39:59 +00:00
Nicholas Staples
31f10c7457 Added delete endpoint and tests. 2016-01-12 10:39:49 +00:00
Nicholas Staples
74547013ba All four http methods working now for user and service restful apis. 2016-01-11 17:19:06 +00:00
Nicholas Staples
49e98c21e7 Service and User API added, working with tests. Still need to polish the edges and add more tests. 2016-01-11 15:07:13 +00:00
Nicholas Staples
0bc4d02713 Work in progress, skeleton of the api created and testing started. Need to fix authentication tests. 2016-01-08 17:51:46 +00:00