Remove ResetCodes after email change (#1191)
Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
parent
97805173cb
commit
f4c5198055
@ -3,7 +3,7 @@ from flask_login import login_user
|
|||||||
|
|
||||||
from app.auth.base import auth_bp
|
from app.auth.base import auth_bp
|
||||||
from app.db import Session
|
from app.db import Session
|
||||||
from app.models import EmailChange
|
from app.models import EmailChange, ResetPasswordCode
|
||||||
|
|
||||||
|
|
||||||
@auth_bp.route("/change_email", methods=["GET", "POST"])
|
@auth_bp.route("/change_email", methods=["GET", "POST"])
|
||||||
@ -25,6 +25,7 @@ def change_email():
|
|||||||
user.email = email_change.new_email
|
user.email = email_change.new_email
|
||||||
|
|
||||||
EmailChange.delete(email_change.id)
|
EmailChange.delete(email_change.id)
|
||||||
|
ResetPasswordCode.filter_by(user_id=user.id).delete()
|
||||||
Session.commit()
|
Session.commit()
|
||||||
|
|
||||||
flash("Your new email has been updated", "success")
|
flash("Your new email has been updated", "success")
|
||||||
|
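Review bot: The new `ResetPasswordCode.filter_by(user_id=user.id).delete()` line in the second hunk (`def change_email()`) has no comment saying why reset codes are dropped here, and the reason is a security one that a later refactor could easily lose. I would add `# Reset links were mailed to the previous address; invalidate them so they stop working once the email changes` directly above it. The cleanup is also tied to this one view: if any other code path assigns `user.email` (none is visible in these hunks), it would need the same delete, so a shared helper next to the email update may be the safer home. The body of change_email starts and ends outside the hunk, so the surrounding checks on the code and the user could not be reviewed.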
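--- a/tests/auth/test_change_email.py
+++ b/tests/auth/test_change_email.py
@@ -0,0 +1,33 @@
+from flask import url_for
+
+from app.db import Session
+from app.models import EmailChange, User, ResetPasswordCode
+from tests.utils import create_new_user, random_token, random_email
+
+
+def test_change_email(flask_client):
+user = create_new_user()
+user.activated = False
+user_id = user.id
+email_change = EmailChange.create(
+user_id=user.id,
+code=random_token(),
+new_email=random_email(),
+)
+reset_id = ResetPasswordCode.create(user_id=user_id, code=random_token()).id
+email_change_id = email_change.id
+email_change_code = email_change.code
+new_email = email_change.new_email
+Session.commit()
+
+r = flask_client.get(
+url_for("auth.change_email", code=email_change_code),
+follow_redirects=True,
+)
+
+assert r.status_code == 200
+
+user = User.get(user_id)
+assert user.email == new_email
+assert EmailChange.get(email_change_id) is None
+assert ResetPasswordCode.get(reset_id) is None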