fix(tests): fixed 2fa tests and password reset broken by accident
super-admin -
r5369:cab08940 default
@@ -435,7 +435,7 b' class TestLoginController(object):'
435 'If such email exists, a password reset link was sent to it.')
435 'If such email exists, a password reset link was sent to it.')
436
436
437 # BAD KEY
437 # BAD KEY
438 confirm_url = '{}?key={}'.format(route_path('reset_password_confirmation'), 'badkey')
438 confirm_url = route_path('reset_password_confirmation', params={'key': 'badkey'})
439 response = self.app.get(confirm_url, status=302)
439 response = self.app.get(confirm_url, status=302)
440 assert response.location.endswith(route_path('reset_password'))
440 assert response.location.endswith(route_path('reset_password'))
441 assert_session_flash(response, 'Given reset token is invalid')
441 assert_session_flash(response, 'Given reset token is invalid')
@@ -447,16 +447,14 b' class LoginView(BaseAppView):'
447
447
448 return self._get_template_context(c, **template_context)
448 return self._get_template_context(c, **template_context)
449
449
450 @LoginRequired()
451 @NotAnonymous()
452 def password_reset_confirmation(self):
450 def password_reset_confirmation(self):
453 self.load_default_context()
451 self.load_default_context()
454 if self.request.GET and self.request.GET.get('key'):
452
453 if key := self.request.GET.get('key'):
455 # make this take 2s, to prevent brute forcing.
454 # make this take 2s, to prevent brute forcing.
456 time.sleep(2)
455 time.sleep(2)
457
456
458 token = AuthTokenModel().get_auth_token(
457 token = AuthTokenModel().get_auth_token(key)
459 self.request.GET.get('key'))
460
458
461 # verify token is the correct role
459 # verify token is the correct role
462 if token is None or token.role != UserApiKeys.ROLE_PASSWORD_RESET:
460 if token is None or token.role != UserApiKeys.ROLE_PASSWORD_RESET:
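Review bot: With `@LoginRequired()` and `@NotAnonymous()` removed, `password_reset_confirmation` is served to unauthenticated clients again, and nothing on the new side records that this is intentional, so the decorators could be re-added by the same kind of accident. A comment above the `def` would pin it, e.g. `# No auth decorators: a user resetting a password has no session; access is gated by the reset token only.` Because the token is then the only gate, note that `time.sleep(2)` delays each individual request but does not bound concurrent attempts and holds a worker for two seconds per call; whether a per-client attempt limit exists elsewhere is not visible from this hunk. The function body continues past the end of the hunk, so the handling after the role check was not reviewed.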
@@ -106,6 +106,7 b' def get_url_defs():'
106 + "/gists/{gist_id}/rev/{revision}/{format}/{f_path}",
106 + "/gists/{gist_id}/rev/{revision}/{format}/{f_path}",
107 "login": ADMIN_PREFIX + "/login",
107 "login": ADMIN_PREFIX + "/login",
108 "logout": ADMIN_PREFIX + "/logout",
108 "logout": ADMIN_PREFIX + "/logout",
109 "setup_2fa": ADMIN_PREFIX + "/setup_2fa",
109 "check_2fa": ADMIN_PREFIX + "/check_2fa",
110 "check_2fa": ADMIN_PREFIX + "/check_2fa",
110 "register": ADMIN_PREFIX + "/register",
111 "register": ADMIN_PREFIX + "/register",
111 "reset_password": ADMIN_PREFIX + "/password_reset",
112 "reset_password": ADMIN_PREFIX + "/password_reset",