From f727072d4ce5f9a789abeff1f68071f8b2cab2a3 Mon Sep 17 00:00:00 2001
From: Taha Yassine Kraiem
Date: Thu, 5 Aug 2021 11:01:02 +0200
Subject: [PATCH] feat(api): changed reset/set password endpoints

---
 api/chalicelib/blueprints/bp_core.py | 13 +++++-------
 api/chalicelib/blueprints/bp_core_dynamic.py | 2 +-
 api/chalicelib/core/reset_password.py | 21 +++-----------------
 3 files changed, 9 insertions(+), 27 deletions(-)

diff --git a/api/chalicelib/blueprints/bp_core.py b/api/chalicelib/blueprints/bp_core.py
index 62b4ec114..14110f383 100644
--- a/api/chalicelib/blueprints/bp_core.py
+++ b/api/chalicelib/blueprints/bp_core.py
@@ -502,15 +502,12 @@ def edit_gdpr(projectId, context):
 return {"data": projects.edit_gdpr(project_id=projectId, gdpr=data)}


-@app.route('/password/reset/{step}', methods=['PUT', 'POST'], authorizer=None)
-def reset_password_handler(step):
+@app.route('/password/reset-link', methods=['PUT', 'POST'], authorizer=None)
+def reset_password_handler():
 data = app.current_request.json_body
- if step == "1":
- if "email" not in data or len(data["email"]) < 5:
- return {"errors": ["please provide a valid email address"]}
- return reset_password.step1(data)
- # elif step == "2":
- # return reset_password.step2(data)
+ if "email" not in data or len(data["email"]) < 5:
+ return {"errors": ["please provide a valid email address"]}
+ return reset_password.reset(data)


 @app.route('/{projectId}/metadata', methods=['GET'])
diff --git a/api/chalicelib/blueprints/bp_core_dynamic.py b/api/chalicelib/blueprints/bp_core_dynamic.py
index 23141a4e1..0e1a7d8db 100644
--- a/api/chalicelib/blueprints/bp_core_dynamic.py
+++ b/api/chalicelib/blueprints/bp_core_dynamic.py
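Review bot: In `reset_password_handler` (bp_core.py) the new check `"email" not in data` runs before anything confirms that `json_body` returned a dict, so a request without a JSON object body would raise a TypeError on this `authorizer=None` route instead of returning the validation error; a non-string `email` fails the same way at `len(...)`. The sibling handler `change_password_by_invitation` already guards with `data is None`, which suggests the body can be missing. I would tighten the condition to `if not isinstance(data, dict) or not isinstance(data.get("email"), str) or len(data["email"]) < 5:`.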
@@ -375,7 +375,7 @@ def process_invitation_link():
 'Content-Type': 'text/plain'})


-@app.route('/users/invitation/password', methods=['POST', 'PUT'], authorizer=None)
+@app.route('/password/reset', methods=['POST', 'PUT'], authorizer=None)
 def change_password_by_invitation():
 data = app.current_request.json_body
 if data is None or len(data.get("invitation", "")) < 64 or len(data.get("pass", "")) < 8:
diff --git a/api/chalicelib/core/reset_password.py b/api/chalicelib/core/reset_password.py
index 0b677c8e6..0b7302d5d 100644
--- a/api/chalicelib/core/reset_password.py
+++ b/api/chalicelib/core/reset_password.py
@@ -1,13 +1,9 @@
-import chalicelib.utils.TimeUTC
 from chalicelib.utils import email_helper, captcha, helper
-import secrets
-from chalicelib.utils import pg_client
-
 from chalicelib.core import users


-def step1(data):
- print("====================== reset password 1 ===============")
+def reset(data):
+ print("====================== reset password ===============")
 print(data)
 if helper.allow_captcha() and not captcha.is_valid(data["g-recaptcha-response"]):
 print("error: Invalid captcha.")
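Review bot: The handler behind the new `/password/reset` route (bp_core_dynamic.py) is still named `change_password_by_invitation`, and nothing in the hunk says that it now also completes the forgot-password flow; a docstring such as `"""Set a new password from an invitation or reset token (unauthenticated)."""` would make that explicit. Because the route has `authorizer=None`, the token in `invitation` is the only credential checked here, so it is worth confirming in the part of the body outside this hunk that the token is single-use and expires; that cannot be seen from these lines.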
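Review bot: In `reset` (reset_password.py) the kept line `print(data)` writes the whole request body of an unauthenticated endpoint to the log, which includes the e-mail address and the captcha response; since the function is being renamed and tidied here, I would drop that line or log only a fixed message. The captcha check also indexes `data["g-recaptcha-response"]` directly, so a request without that field raises KeyError when captcha is enabled; `captcha.is_valid(data.get("g-recaptcha-response"))` would let it fail as an invalid captcha, assuming `is_valid` tolerates None, which is not visible here. The body of `reset` continues outside this hunk.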
@@ -21,20 +17,9 @@ def step1(data):
 return {"errors": ["multiple users, please contact our support"]}
 elif len(a_users) == 1:
 a_users = a_users[0]
- invitation_link=users.generate_new_invitation(user_id=a_users["id"])
+ invitation_link = users.generate_new_invitation(user_id=a_users["id"])
 email_helper.send_forgot_password(recipient=data["email"], invitation_link=invitation_link)
 else:
 print(f"invalid email address [{data['email']}]")
 return {"errors": ["invalid email address"]}
 return {"data": {"state": "success"}}
-
-
-# def step2(data):
-# print("====================== change password 2 ===============")
-# user = users.get_by_email_reset(data["email"], data["code"])
-# if not user:
-# print("error: wrong email or reset code")
-# return {"errors": ["wrong email or reset code"]}
-# users.update(tenant_id=user["tenantId"], user_id=user["id"],
-# changes={"token": None, "password": data["password"], "generatedPassword": False})
-# return {"data": {"state": "success"}}
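Review bot: The `else` branch of `reset` still answers `{"errors": ["invalid email address"]}` for an unknown address while a known one gets `{"state": "success"}`, so this unauthenticated endpoint tells the caller which addresses have accounts; the "multiple users" error in the first context line does the same. I would remove the `return {"errors": ["invalid email address"]}` line so that both cases fall through to the final `return {"data": {"state": "success"}}`, and keep the distinction only in the server log. The `print` above it interpolates the submitted address into the log line, so logging it with `repr()` would keep control characters out of the log. The start of the function is outside this hunk.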