author | Navan Chauhan <navanchauhan@gmail.com> | 2021-06-06 15:06:02 +0530 |
---|---|---|
committer | Navan Chauhan <navanchauhan@gmail.com> | 2021-06-06 15:06:02 +0530 |
commit | 2c2e1772b23bbd42b99eeedc854f4d7b723e59d1 (patch) | |
tree | 54cfcb60686642c3cc8f9694e7965d416f107334 | |
parent | 47b68d56d831d234c44da9530373b95dae338ea4 (diff) |
add exceptions for confirm token and test for unverified email
-rw-r--r-- | app/tests/test_views.py | 13 | ||||
-rw-r--r-- | app/views/auth.py | 6 |
2 files changed, 17 insertions, 2 deletions
diff --git a/app/tests/test_views.py b/app/tests/test_views.py
index a9645b2..0abd5e4 100644
--- a/app/tests/test_views.py
+++ b/app/tests/test_views.py
@@ -32,6 +32,12 @@ data2check_visitors = {
 },
 "/admin/user/":{
 "code":403,"data":b"Forbidden"
+ },
+ "/confirm":{
+ "code":200,"data":b"Token not provided in URL Parameter"
+ },
+ "/confirm?confirmation_token=123":{
+ "code":200,"data":b"Bad Token Provided"
 }
 }
 
@@ -52,6 +58,13 @@ def test_user_auth_flow(app, client):
 assert res.status_code == 200
 assert b"confirm your email" in res.data
 
+ res = client.post("/signin",data=dict(
+ email="test@example.com",
+ password="testpassword"),
+ follow_redirects=True)
+ assert res.status_code == 200
+ assert b"Please Confirm Your Email First." in res.data
+
 confirmation_token = ts.dumps("test@example.com",salt="email-confirm-key")
 res = client.get("/confirm?confirmation_token={}".format(confirmation_token),
 follow_redirects=True)
diff --git a/app/views/auth.py b/app/views/auth.py
index f2cf338..d6f02b8 100644
--- a/app/views/auth.py
+++ b/app/views/auth.py
@@ -5,6 +5,7 @@ from app.misc_func import flash_errors, send, send_async
 import flask_login
 from sqlalchemy.exc import IntegrityError
 from itsdangerous.url_safe import URLSafeSerializer
+from itsdangerous.exc import BadSignature
 
 ts = URLSafeSerializer(app.config["SECRET_KEY"])
 
@@ -111,8 +112,9 @@ def confirm_email():
 try:
 email = ts.loads(confirmation_token, salt="email-confirm-key",max_age=86400)
 except TypeError:
- return render_template("message.html",message="Expired or Invalid Token")
-
+ return render_template("message.html",message="Token not provided in URL Parameter")
+ except BadSignature:
+ return render_template("message.html",message="Bad Token Provided")
 user = models.User.query.filter_by(email=email).first()
 print(email)
 user.confirmation = True
|
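Review bot: The two new `/confirm` entries in `data2check_visitors` pin `"code":200` for both a missing and a bad token, so a rejected confirmation cannot be told apart from a normal page load by status code. If the view returned 400 in those branches (`return render_template("message.html", message="Bad Token Provided"), 400` in app/views/auth.py), access logs and rate limiting could pick out repeated bad-token requests, and these entries would become `"code":400`. The bad-token case also only covers `123`, which has no signature part; a second entry with a well-formed but wrongly signed token would exercise the `BadSignature` path more directly. The dict starts before this hunk, so other entries may follow the same 200 convention.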
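Review bot: The new sign-in step in `test_user_auth_flow` asserts only the `Please Confirm Your Email First.` text, and with `follow_redirects=True` a 200 plus that message does not show that no session was created. Following it with a request to a login-required route and asserting that it is still refused would make the test fail if a regression logged the user in while also showing the message. A comment such as `# unconfirmed account: sign-in must be refused until /confirm succeeds` above the block would record why the step sits before the token is used. The function starts before this hunk and continues after it.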
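Review bot: `max_age=86400` in `ts.loads(...)` does not appear to be enforced, because `ts` is built with `URLSafeSerializer` (visible in the first auth.py hunk), which signs without a timestamp; depending on the installed itsdangerous version the keyword is either ignored or raises `TypeError`, which the first handler would then report as a missing token. To get the 24-hour expiry, build it as `ts = URLSafeTimedSerializer(app.config["SECRET_KEY"])`; `SignatureExpired` subclasses `BadSignature`, so the new handler would cover it, or an `except SignatureExpired:` placed before it can give a distinct expired-link message. Tokens issued by the current serializer would stop verifying after the switch, so outstanding confirmation mails would need to be re-sent. The missing-token case is better handled with an explicit `if not confirmation_token:` check before the `try` than by catching `TypeError`, which can hide unrelated errors. `confirm_email` starts and ends outside this hunk.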