

bug(password reset): Add callback URL when invoking password reset via email

- ensure user is redirected to the front-end when link in email is clicked

[#161044628]
Patrick Kimanje authored and Patrick Kimanje committed Oct 8, 2018
1 parent c3318a6 commit bcef58d
Showing 4 changed files with 35 additions and 18 deletions.
4 changes: 2 additions & 2 deletions authors/apps/authentication/tests/base_test.py
Expand Up @@ -35,10 +35,10 @@ def __init__(self):
"password": None,
}
}


self.invoke_email = {
"user": {
"email": self.user_email
"email": self.user_email,
"call_back": ""
}
}
25 changes: 23 additions & 2 deletions authors/apps/authentication/tests/test_password_reset.py
Expand Up @@ -27,14 +27,23 @@ def setUp(self):
# This email is not associated with a user
self.email_404 = {
"user": {
"email": "email_404@none.com"
"email": "email_404@none.com",
"call_back": ""
}
}

# Here we don't pass in an email
self.empty_email = {
"user": {
"email": ""
"email": "",
"call_back": ""
}
}

# Invoke password reset email with no call_back url
self.no_callback = {
"user": {
"email": "example@gmail.com",
}
}

Expand Down Expand Up @@ -71,3 +80,15 @@ def test_with_no_email(self):
self.assertEqual(self.response.json()['errors'],
{'email': ['This field may not be blank.']})

def test_with_no_call_back_url(self):
""" Test user can not invoke password reset for email that does not exist"""

self.response = self.client.post(
"/api/users/reset/password",
self.no_callback,
format="json"

)

self.assertEqual(self.response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(self.response.json(), {'user': {'error': 'Please provide a callback URL'}})
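Review bot: The docstring on `test_with_no_call_back_url` is copied from the email-404 test and describes the wrong case; it should read `""" Test that a password reset request without a call_back URL is rejected with 400 """`. The new coverage only exercises the key being absent: `self.email_404` and `self.empty_email` now send `"call_back": ""`, and nothing asserts what the view does with an empty or off-site callback, which is the value a requester controls. A test that posts a valid email with `call_back` set to a foreign origin and asserts a 400 would pin the expected validation once the view has it. The stray blank line inside the `self.client.post(...)` argument list is noise and can be dropped.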
14 changes: 7 additions & 7 deletions authors/apps/authentication/utils.py
@@ -1,22 +1,22 @@
import os
from django.core.mail import send_mail

def send_password_reset_email(to_email, token, current_site):

def send_password_reset_email(to_email, token, call_back_url):
# current_site = os.environ.get("CURRENT_SITE")
# email setup
subject = 'Password reset'
message = """
You're receiving this email because you invoked a password reset on
Authors haven. If you think it is a mistake to receive this email just ignore it.
----- Click the link below to reset your password ----
{}/api/user/reset-password/{}
""".format(current_site, token)
{}?{}
""".format(call_back_url, token)
from_email = os.environ.get('EMAIL_HOST_USER')
to_email = to_email
try:
send_mail(subject, message, from_email, [to_email], fail_silently=False,)
send_mail(subject, message, from_email, [to_email], fail_silently=False, )
except Exception as e:
return {'email': str(e)}
return {'email': str(e)}
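Review bot: `send_password_reset_email` now interpolates `call_back_url` into the mail body verbatim, so whatever the caller passes becomes the link the recipient is told to click, with the reset token appended; the helper should say so, e.g. `# call_back_url is placed in the email as-is; the caller must have validated it against the app's own front-end origin`. The token is attached as a bare query string (`"{}?{}"`), giving `https://front/reset?<token>`; a named parameter such as `"{}?token={}"` is easier for the front end to read and less likely to be dropped by URL-parsing libraries. The leftover `# current_site = os.environ.get("CURRENT_SITE")` is dead code from the old implementation and should be deleted. Note also that the helper returns an error dict on failure and `None` on success, and its caller in views.py ignores the return value, so a failed send is still reported to the user as success.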
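--- a/authors/apps/authentication/views.py
+++ b/authors/apps/authentication/views.py
@@ -107,19 +107,15 @@ class InvokePasswordResetAPIView(LoginAPIView):
 def post(self, request):
 user = request.data.get('user', {})
 
-# get current site
-if 'HTTP_HOST' in request.META:
-current_site = request.META['HTTP_HOST']
-current_site = "https://{}".format(current_site)
-else:
-current_site = "http://127.0.0.1:8000"
+if 'call_back' not in user:
+return Response({"error": "Please provide a callback URL"}, status=status.HTTP_400_BAD_REQUEST)
 
 serializer = self.serializer_class(data=user)
 serializer.is_valid(raise_exception=True)
 
 # call send email function
 send_password_reset_email(
-user['email'], serializer.data['email'], request.get_host())
+user['email'], serializer.data['email'], user['call_back'])
 
 return Response({"message": "Check your email for a link"}, status=status.HTTP_200_OK)
 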
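Review bot: `user['call_back']` is taken straight from the request body and handed to `send_password_reset_email`, which places it in the email as the link to click with the reset token appended; anyone who knows a victim's email can therefore request a reset with `call_back` pointing at a host they control and have the victim's own click deliver the token to them (the old `HTTP_HOST`-derived URL had the matching Host-header weakness, so dropping it was right, but the replacement leaves the URL under the requester's control). The added `'call_back' not in user` check also accepts an empty string, which is exactly what the fixtures in base_test.py send, yielding a link of just `?<token>`. The callback should be checked against the application's configured front-end origin(s) — a setting, not request data — and the request rejected before any email is sent; a sketch follows, with the setting name chosen for illustration and the `urlparse`/`settings` imports belonging at the top of the file. `InvokePasswordResetAPIView` continues outside the hunk.

```python
    def post(self, request):
        user = request.data.get('user', {})

        # Only ever send the reset link to the application's own front end;
        # a caller-controlled URL would let an attacker harvest the token.
        parsed = urlparse(user.get('call_back') or '')
        allowed_hosts = getattr(settings, 'PASSWORD_RESET_CALLBACK_HOSTS', [])
        if parsed.scheme not in ('http', 'https') or parsed.netloc not in allowed_hosts:
            return Response({"error": "Please provide a valid callback URL"},
                            status=status.HTTP_400_BAD_REQUEST)

        # … unchanged: serializer validation and send_password_reset_email call …
```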
