Show More
| @@ -435,7 +435,7 b' class TestLoginController(object):' | |||||
| 435 | 'If such email exists, a password reset link was sent to it.') |
|
435 | 'If such email exists, a password reset link was sent to it.') | |
| 436 |
|
436 | |||
| 437 | # BAD KEY |
|
437 | # BAD KEY | |
| 438 |
confirm_url = |
|
438 | confirm_url = route_path('reset_password_confirmation', params={'key': 'badkey'}) | |
| 439 | response = self.app.get(confirm_url, status=302) |
|
439 | response = self.app.get(confirm_url, status=302) | |
| 440 | assert response.location.endswith(route_path('reset_password')) |
|
440 | assert response.location.endswith(route_path('reset_password')) | |
| 441 | assert_session_flash(response, 'Given reset token is invalid') |
|
441 | assert_session_flash(response, 'Given reset token is invalid') | |
| @@ -447,16 +447,14 b' class LoginView(BaseAppView):' | |||||
| 447 |
|
447 | |||
| 448 | return self._get_template_context(c, **template_context) |
|
448 | return self._get_template_context(c, **template_context) | |
| 449 |
|
449 | |||
| 450 | @LoginRequired() |
|
|||
| 451 | @NotAnonymous() |
|
|||
| 452 | def password_reset_confirmation(self): |
|
450 | def password_reset_confirmation(self): | |
| 453 | self.load_default_context() |
|
451 | self.load_default_context() | |
| 454 | if self.request.GET and self.request.GET.get('key'): |
|
452 | ||
|
|
453 | if key := self.request.GET.get('key'): | |||
| 455 | # make this take 2s, to prevent brute forcing. |
|
454 | # make this take 2s, to prevent brute forcing. | |
| 456 | time.sleep(2) |
|
455 | time.sleep(2) | |
| 457 |
|
456 | |||
| 458 | token = AuthTokenModel().get_auth_token( |
|
457 | token = AuthTokenModel().get_auth_token(key) | |
| 459 | self.request.GET.get('key')) |
|
|||
| 460 |
|
458 | |||
| 461 | # verify token is the correct role |
|
459 | # verify token is the correct role | |
| 462 | if token is None or token.role != UserApiKeys.ROLE_PASSWORD_RESET: |
|
460 | if token is None or token.role != UserApiKeys.ROLE_PASSWORD_RESET: | |
| @@ -106,6 +106,7 b' def get_url_defs():' | |||||
| 106 | + "/gists/{gist_id}/rev/{revision}/{format}/{f_path}", |
|
106 | + "/gists/{gist_id}/rev/{revision}/{format}/{f_path}", | |
| 107 | "login": ADMIN_PREFIX + "/login", |
|
107 | "login": ADMIN_PREFIX + "/login", | |
| 108 | "logout": ADMIN_PREFIX + "/logout", |
|
108 | "logout": ADMIN_PREFIX + "/logout", | |
|
|
109 | "setup_2fa": ADMIN_PREFIX + "/setup_2fa", | |||
| 109 | "check_2fa": ADMIN_PREFIX + "/check_2fa", |
|
110 | "check_2fa": ADMIN_PREFIX + "/check_2fa", | |
| 110 | "register": ADMIN_PREFIX + "/register", |
|
111 | "register": ADMIN_PREFIX + "/register", | |
| 111 | "reset_password": ADMIN_PREFIX + "/password_reset", |
|
112 | "reset_password": ADMIN_PREFIX + "/password_reset", | |
General Comments 0
You need to be logged in to leave comments.
Login now