always return 200 in /forgot_password

This commit is contained in:
Son NK 2020-03-18 21:55:50 +01:00
parent a1fad2216f
commit b0f2d7b85a
3 changed files with 9 additions and 13 deletions

View File

@ -802,9 +802,7 @@ Output:
Input:
- email
Output:
- 200: user is going to receive an email to reset the password
- 400 if error (email not found)
Output: always return 200, even if email doesn't exist. User need to enter correctly their email.
#### GET /api/aliases

View File

@ -332,16 +332,14 @@ def forgot_password():
"""
data = request.get_json()
if not data:
return jsonify(error="request body cannot be empty"), 400
if not data or not data.get("email"):
return jsonify(error="request body must contain email"), 400
email = data.get("email")
email = data.get("email").lower()
user = User.get_by(email=email)
if not user:
return jsonify(error="Email not found"), 400
if user:
send_reset_password_email(user)
send_reset_password_email(user)
return jsonify(reset_sent=True)
return jsonify(ok=True)

View File

@ -210,9 +210,9 @@ def test_auth_login_forgot_password(flask_client):
assert r.status_code == 200
# No such email
# No such email, still return 200
r = flask_client.post(
url_for("api.forgot_password"), json={"email": "not-exist@b.c"},
)
assert r.status_code == 400
assert r.status_code == 200