make sure expiration is handled for ActivationCode and ResetPasswordCode

2019-08-17 22:21:32 +02:00 · 2019-08-17 22:21:32 +02:00 · 2693ba5838
parent 4704ca0bc6
commit 2693ba5838
5 changed files with 11 additions and 8 deletions
--- a/app/auth/views/activate.py
+++ b/app/auth/views/activate.py
@ -1,4 +1,3 @@
 import arrow
 from flask import request, redirect, url_for, flash, render_template
 from flask_login import login_user, current_user
@ -26,7 +25,7 @@ def activate():
            400,
        )
-    if activation_code.expired and activation_code.expired < arrow.now():
+    if activation_code.is_expired():
        return (
            render_template(
                "auth/activate.html",
--- a/app/auth/views/register.py
+++ b/app/auth/views/register.py
@ -56,9 +56,7 @@ def register():
 def send_activation_email(user, next_url):
    # the activation code is valid for 1h
-    activation = ActivationCode.create(
+    activation = ActivationCode.create(user_id=user.id, code=random_string(30))
        user_id=user.id, code=random_string(30), expired=arrow.now().shift(hours=1)
    )
    db.session.commit()
    # Send user activation email
--- a/app/auth/views/reset_password.py
+++ b/app/auth/views/reset_password.py
@ -32,7 +32,7 @@ def reset_password():
        )
        return render_template("auth/reset_password.html", form=form, error=error)
-    if reset_password_code.expired < arrow.now():
+    if reset_password_code.is_expired():
        error = (
            "The link is already expired. Please make a new request to reset password"
        )
--- a/app/dashboard/views/setting.py
+++ b/app/dashboard/views/setting.py
@ -146,7 +146,7 @@ def send_reset_password_email(user):
    """
    # the activation code is valid for 1h
    reset_password_code = ResetPasswordCode.create(
-        user_id=user.id, code=random_string(60), expired=arrow.now().shift(hours=1)
+        user_id=user.id, code=random_string(60)
    )
    db.session.commit()
--- a/app/models.py
+++ b/app/models.py
@ -251,7 +251,10 @@ class ActivationCode(db.Model, ModelMixin):
    user = db.relationship(User)
-    expired = db.Column(ArrowType, default=_expiration_1h)
+    expired = db.Column(ArrowType, nullable=False, default=_expiration_1h)
    def is_expired(self):
        return self.expired < arrow.now()
 class ResetPasswordCode(db.Model, ModelMixin):
@ -264,6 +267,9 @@ class ResetPasswordCode(db.Model, ModelMixin):
    expired = db.Column(ArrowType, nullable=False, default=_expiration_1h)
    def is_expired(self):
        return self.expired < arrow.now()
 class Partner(db.Model, ModelMixin):
    email = db.Column(db.String(128))