YDA-5724: same password reset flow for existing and non-existing accounts #20

Merged
merged 1 commit into from
May 28, 2024
13 changes: 5 additions & 8 deletions yoda_eus/app.py
Expand Up @@ -344,14 +344,6 @@ def process_forgot_password() -> Response:
errors = {"errors": ["Please enter your user name (email address)"]}
return render_template('forgot-password.html', **errors)

user = User.query.filter_by(username=username).first()

if user is None:
errors = {"errors": ["User name not found. Only external users can reset their password."]}
response = make_response(render_template('forgot-password.html', **errors))
response.status_code = 404
return response

if (not is_email_valid(username) and app.config.get("MAIL_ONLY_TO_VALID_ADDRESS").lower() == "true"):
errors = {
"errors": ["Unable to send password reset email, "
Expand All @@ -361,6 +353,11 @@ def process_forgot_password() -> Response:
response.status_code = 404
return response

user = User.query.filter_by(username=username).first()
if user is None:
# User name not found. Only external users can reset their password.
return render_template("forgot-password-successful.html"), 200

# Generate and update user hash
secret_hash = get_random_hash()
user.hash = secret_hash
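Review bot: The early return in the new `if user is None:` branch sits above `# Generate and update user hash`, so a request for an unknown user name skips the hash generation and `user.hash` update that a request for an existing account goes through. The page and status code now match, but the two cases can still be told apart by response time. Consider moving the work for existing accounts off the request path, or otherwise making both paths do comparable work before returning. The comment `# User name not found. Only external users can reset their password.` is the old error text; reword it to say why the success page is returned here. A log entry in this branch would also let operations notice repeated resets for unknown user names.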
2 changes: 1 addition & 1 deletion yoda_eus/templates/web/forgot-password-successful.html
Expand Up @@ -12,7 +12,7 @@
<div class="offset-md-2 col-md-8">
<div class="card">
<div class="card-body">
We have sent you an email to reset your password.
If an account is associated with this email address, you will soon receive an email with instructions to reset your password.
</div>
</div>
</div>
2 changes: 1 addition & 1 deletion yoda_eus/tests/test_integration.py
Expand Up @@ -102,7 +102,7 @@ def test_forgot_password_show_form(self, test_client):
def test_forgot_password_nonexistent(self, test_client):
with test_client as c:
response = c.post('/user/forgot-password', data={"username": "doesnotexist"})
assert response.status_code == 404
assert response.status_code == 200

def test_forgot_password_existing(self, test_client):
auth_headers = {'X-Yoda-External-User-Secret': 'dummy_api_secret'}
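Review bot: `test_forgot_password_nonexistent` posts `"doesnotexist"`, which is not an email address, so whether it reaches the new `user is None` branch or the address-validity branch in `process_forgot_password` depends on `MAIL_ONLY_TO_VALID_ADDRESS` in the test configuration. Use an email-shaped user name that has no account so the test pins the branch this change adds. Asserting only `response.status_code == 200` is also weaker than the goal in the title: compare the response body with the one `test_forgot_password_existing` receives, since identical responses for both cases are what the change is meant to guarantee.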