always return 200 in /forgot_password

Son NK 2020-03-18 21:55:50 +01:00 committed by Son NK
parent f8f501b84d
commit e81b807971
3 changed files with 9 additions and 13 deletions


@ -819,9 +819,7 @@ Output:
Input: Input:
- email - email
Output: Output: always return 200, even if email doesn't exist. User need to enter correctly their email.
- 200: user is going to receive an email to reset the password
- 400 if error (email not found)
#### GET /api/aliases #### GET /api/aliases


@ -332,16 +332,14 @@ def forgot_password():
""" """
data = request.get_json() data = request.get_json()
if not data: if not data or not data.get("email"):
return jsonify(error="request body cannot be empty"), 400 return jsonify(error="request body must contain email"), 400
email = data.get("email") email = data.get("email").lower()
user = User.get_by(email=email) user = User.get_by(email=email)
if not user: if user:
return jsonify(error="Email not found"), 400 send_reset_password_email(user)
send_reset_password_email(user) return jsonify(ok=True)
return jsonify(reset_sent=True)
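Review bot: The uniform 200 removes the status-code oracle, but `send_reset_password_email(user)` still runs only inside the `if user:` branch, so if the mail is sent on the request path the response time can still separate registered addresses from unknown ones. Consider queuing the send (or otherwise equalising the work done in both branches) and confirming that a rate limit applies to this route; the decorators of forgot_password sit outside the hunk, so that cannot be checked here. Separately, `data.get("email").lower()` raises when `email` is a non-string JSON value or when the body is not a JSON object, which turns a malformed request into a 500; a guard such as `if not isinstance(data, dict) or not isinstance(data.get("email"), str): return jsonify(error="request body must contain email"), 400` keeps it a 400. The success key also changes from `reset_sent` to `ok`, which clients reading the old key would notice.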


@ -210,9 +210,9 @@ def test_auth_login_forgot_password(flask_client):
assert r.status_code == 200 assert r.status_code == 200
# No such email # No such email, still return 200
r = flask_client.post( r = flask_client.post(
url_for("api.forgot_password"), json={"email": "not-exist@b.c"}, url_for("api.forgot_password"), json={"email": "not-exist@b.c"},
) )
assert r.status_code == 400 assert r.status_code == 200
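Review bot: The updated case pins only the status code, so a later change that made the unknown-email response differ in body from the existing-email one would not be caught. Asserting the body as well, e.g. `assert r.json == {"ok": True}` after both requests, would keep the two responses indistinguishable under test. The test function starts outside this hunk, so the earlier request is only partly visible here.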