@@ -435,7 +435,7 b' class TestLoginController(object):' | |||||
435 | 'If such email exists, a password reset link was sent to it.') |
|
435 | 'If such email exists, a password reset link was sent to it.') | |
436 |
|
436 | |||
437 | # BAD KEY |
|
437 | # BAD KEY | |
438 |
confirm_url = |
|
438 | confirm_url = route_path('reset_password_confirmation', params={'key': 'badkey'}) | |
439 | response = self.app.get(confirm_url, status=302) |
|
439 | response = self.app.get(confirm_url, status=302) | |
440 | assert response.location.endswith(route_path('reset_password')) |
|
440 | assert response.location.endswith(route_path('reset_password')) | |
441 | assert_session_flash(response, 'Given reset token is invalid') |
|
441 | assert_session_flash(response, 'Given reset token is invalid') |
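--- a/<PATH_NOT_SHOWN_ON_PAGE>
+++ b/<PATH_NOT_SHOWN_ON_PAGE>
@@ -447,16 +447,14 @@ class LoginView(BaseAppView):
 
         return self._get_template_context(c, **template_context)
 
-    @LoginRequired()
-    @NotAnonymous()
     def password_reset_confirmation(self):
         self.load_default_context()
-        if self.request.GET and self.request.GET.get('key'):
+
+        if key := self.request.GET.get('key'):
             # make this take 2s, to prevent brute forcing.
             time.sleep(2)
 
-            token = AuthTokenModel().get_auth_token(
-                self.request.GET.get('key'))
+            token = AuthTokenModel().get_auth_token(key)
 
             # verify token is the correct role
             if token is None or token.role != UserApiKeys.ROLE_PASSWORD_RESET: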
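Review bot: Dropping `@LoginRequired()` and `@NotAnonymous()` at the top of the hunk leaves `password_reset_confirmation` reachable without a session, so the `AuthTokenModel().get_auth_token(key)` lookup and the `ROLE_PASSWORD_RESET` role check are now the only gate on this view; that is presumably intended, since the emailed link is opened by a logged-out user, but nothing on the method records it. I would add a docstring such as `"""Confirm a password-reset token from the emailed link. Reachable without a session by design: the token lookup and role check below are the only authentication."""`. The unchanged `time.sleep(2)` delays one request at a time and does not bound parallel guesses, so its comment should call it a deterrent rather than a rate limit. The method body continues past the end of the hunk.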
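--- a/<PATH_NOT_SHOWN_ON_PAGE>
+++ b/<PATH_NOT_SHOWN_ON_PAGE>
@@ -106,6 +106,7 @@ def get_url_defs():
         + "/gists/{gist_id}/rev/{revision}/{format}/{f_path}",
         "login": ADMIN_PREFIX + "/login",
         "logout": ADMIN_PREFIX + "/logout",
+        "setup_2fa": ADMIN_PREFIX + "/setup_2fa",
         "check_2fa": ADMIN_PREFIX + "/check_2fa",
         "register": ADMIN_PREFIX + "/register",
         "reset_password": ADMIN_PREFIX + "/password_reset",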