@@ -435,7 +435,7 b' class TestLoginController(object):' | |||
|
435 | 435 | 'If such email exists, a password reset link was sent to it.') |
|
436 | 436 | |
|
437 | 437 | # BAD KEY |
|
438 |
confirm_url = |
|
|
438 | confirm_url = route_path('reset_password_confirmation', params={'key': 'badkey'}) | |
|
439 | 439 | response = self.app.get(confirm_url, status=302) |
|
440 | 440 | assert response.location.endswith(route_path('reset_password')) |
|
441 | 441 | assert_session_flash(response, 'Given reset token is invalid') |
@@ -447,16 +447,14 b' class LoginView(BaseAppView):' | |||
|
447 | 447 | |
|
448 | 448 | return self._get_template_context(c, **template_context) |
|
449 | 449 | |
|
450 | @LoginRequired() | |
|
451 | @NotAnonymous() | |
|
452 | 450 | def password_reset_confirmation(self): |
|
453 | 451 | self.load_default_context() |
|
454 | if self.request.GET and self.request.GET.get('key'): | |
|
452 | ||
|
453 | if key := self.request.GET.get('key'): | |
|
455 | 454 | # make this take 2s, to prevent brute forcing. |
|
456 | 455 | time.sleep(2) |
|
457 | 456 | |
|
458 | token = AuthTokenModel().get_auth_token( | |
|
459 | self.request.GET.get('key')) | |
|
457 | token = AuthTokenModel().get_auth_token(key) | |
|
460 | 458 | |
|
461 | 459 | # verify token is the correct role |
|
462 | 460 | if token is None or token.role != UserApiKeys.ROLE_PASSWORD_RESET: |
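Review bot: Dropping `@LoginRequired()` and `@NotAnonymous()` makes `password_reset_confirmation` reachable without a session, so the `time.sleep(2)` ahead of `AuthTokenModel().get_auth_token(key)` is now the only throttle visible in this hunk, and a fixed per-request delay does not bound concurrent guesses — it mainly holds a worker for the duration of each request. Brute-force resistance therefore rests on the token's entropy, its expiry/single-use handling and any per-client rate limiting, none of which is visible here; if those exist, state them where the comment currently claims the sleep prevents brute forcing, e.g. `# fixed delay only slows sequential guessing; relies on high-entropy, expiring, single-use tokens and upstream rate limiting`. The role check `if token is None or token.role != UserApiKeys.ROLE_PASSWORD_RESET:` is the right gate, but its body, the path taken when no `key` is supplied, and the rest of the function continue outside the hunk.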
@@ -106,6 +106,7 b' def get_url_defs():' | |||
|
106 | 106 | + "/gists/{gist_id}/rev/{revision}/{format}/{f_path}", |
|
107 | 107 | "login": ADMIN_PREFIX + "/login", |
|
108 | 108 | "logout": ADMIN_PREFIX + "/logout", |
|
109 | "setup_2fa": ADMIN_PREFIX + "/setup_2fa", | |
|
109 | 110 | "check_2fa": ADMIN_PREFIX + "/check_2fa", |
|
110 | 111 | "register": ADMIN_PREFIX + "/register", |
|
111 | 112 | "reset_password": ADMIN_PREFIX + "/password_reset", |