Merge pull request #3 from KhaledBousrih/fix-change-password-token-ex…

…piry Fix compute password change token expiry date
Netsach · Feb 21, 2020 · 75b5bb7 · 75b5bb7
2 parents 2e98e5c + 1818986
commit 75b5bb7
Show file tree

Hide file tree

Showing 7 changed files with 32 additions and 21 deletions.
diff --git a/.gitignore b/.gitignore
@@ -109,7 +109,7 @@ concrete_datastore/concrete/migrations/0*
 .virtualenv2-ci
 env-ci/
 .integration-setup
-datamodel/*
+development/datamodel/*
 .installed-requirements.txt
 bin
 local-migrations/

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,7 +8,8 @@
 
 ### Changed
 
-- nothing changed
+- fixed password change token expiry computation
+- fixed register serializer to allow null values of url_format and email_format
 
 ### Removed
 

diff --git a/concrete_datastore/api/v1/serializers.py b/concrete_datastore/api/v1/serializers.py
@@ -61,12 +61,10 @@ class SecureLoginSerializer(serializers.Serializer):
 
 class RegisterSerializer(serializers.Serializer):
     email = serializers.EmailField()
-    password1 = serializers.CharField(required=False)
-    password2 = serializers.CharField(required=False)
-    email_format = serializers.CharField(required=False)
-    url_format = serializers.CharField(
-        required=False, default='/#/set-password/{token}/{email}/'
-    )
+    password1 = serializers.CharField(required=False, allow_null=True)
+    password2 = serializers.CharField(required=False, allow_null=True)
+    email_format = serializers.CharField(required=False, allow_null=True)
+    url_format = serializers.CharField(required=False, allow_null=True)
 
     class Meta:
         fields = (
@@ -77,16 +75,24 @@ class Meta:
             "url_format",
         )
 
+    def validate_url_format(self, value):
+        if value is None:
+            return '/#/set-password/{token}/{email}/'
+        return value
+
 
 class ResetPasswordSerializer(serializers.Serializer):
     email = serializers.EmailField()
-    url_format = serializers.CharField(
-        required=False, default='/#/reset-password/{token}/{email}/'
-    )
+    url_format = serializers.CharField(required=False, allow_null=True)
 
     class Meta:
         fields = ("email", "url_format")
 
+    def validate_url_format(self, value):
+        if value is None:
+            return '/#/reset-password/{token}/{email}/'
+        return value
+
 
 class UserSerializer(serializers.ModelSerializer):
     url = serializers.SerializerMethodField()

diff --git a/concrete_datastore/api/v1/views.py b/concrete_datastore/api/v1/views.py
@@ -966,9 +966,11 @@ def create_user(self, request, serializer, divider=None):
                 'HTTP_REFERER', settings.AUTH_CONFIRM_EMAIL_DEFAULT_REDIRECT_TO
             )
 
-            email_format = serializer.validated_data.get(
-                'email_format', settings.DEFAULT_REGISTER_EMAIL_FORMAT
+            email_format = (
+                serializer.validated_data.get('email_format')
+                or settings.DEFAULT_REGISTER_EMAIL_FORMAT
             )
+
             link = urljoin(referer, uri)
 
             email_body = email_format.format(link=link)

diff --git a/concrete_datastore/concrete/models.py b/concrete_datastore/concrete/models.py
@@ -63,7 +63,7 @@ def compute_auth_token_expiry():
 
 def compute_pwd_change_token_expiry():
     now = pendulum.now('utc')
-    return now.add(minutes=settings.PASSWORD_CHANGE_TOKEN_EXPIRY_HOURS)
+    return now.add(hours=settings.PASSWORD_CHANGE_TOKEN_EXPIRY_HOURS)
 
 
 class AuthToken(Token):

diff --git a/concrete_datastore/settings/base.py b/concrete_datastore/settings/base.py
@@ -445,7 +445,7 @@
 # Backend login group creation rule
 BACKEND_GROUP_CREATION_RULE = 'concrete_datastore.api.v1.authentication.default_backend_group_creation_rule'
 
-ALLOW_SEND_EMAIL_ON_REGISTER = False
+ALLOW_SEND_EMAIL_ON_REGISTER = True
 
 DEFAULT_REGISTER_EMAIL_FORMAT = """
 <html>

diff --git a/development/settings.py b/development/settings.py
@@ -19,11 +19,13 @@
 # ALTER DATABASE "db-concrete-datastore" OWNER TO "user-concrete-datastore";
 # GRANT ALL PRIVILEGES ON DATABASE "db-concrete-datastore" to "user-concrete-datastore";
 
-POSTGRES_DB = os.environ.get('POSTGRES_DB', 'db-concrete-datastore-2')
+POSTGRES_DB = os.environ.get('POSTGRES_DB', 'db-concrete-datastore')
 
 POSTGRES_USER = os.environ.get('POSTGRES_USER', 'user-concrete-datastore')
 
-POSTGRES_PASSWORD = os.environ.get('POSTGRES_PASSWORD', 'pwd-concrete-datastore')
+POSTGRES_PASSWORD = os.environ.get(
+    'POSTGRES_PASSWORD', 'pwd-concrete-datastore'
+)
 
 POSTGRES_HOST = os.environ.get('POSTGRES_HOST', 'localhost')
 
@@ -55,16 +57,16 @@
 
 META_MODEL_DEFINITIONS = load_datamodel(
     datamodel_path=os.path.join(
-        PROJECT_ROOT,
-        'datamodel/current-datamodel.json')
+        PROJECT_ROOT, 'datamodel/current-datamodel.json'
+    )
 )
 
 DISABLED_MODELS = ()
 
-EMAIL_HOST = os.environ.get("EMAIL_HOST", '')
+EMAIL_HOST = os.environ.get("EMAIL_HOST", 'localhost')
 EMAIL_HOST_USER = os.environ.get("EMAIL_HOST_USER", '')
 EMAIL_HOST_PASSWORD = os.environ.get("EMAIL_HOST_PASSWORD", '')
-EMAIL_PORT = os.environ.get("EMAIL_PORT", 587)
+EMAIL_PORT = os.environ.get("EMAIL_PORT", 1025)
 EMAIL_USE_TLS = True
 EMAIL_USE_SSL = False
 EMAIL_TIMEOUT = None