From 2c2e1772b23bbd42b99eeedc854f4d7b723e59d1 Mon Sep 17 00:00:00 2001 From: Navan Chauhan Date: Sun, 6 Jun 2021 15:06:02 +0530 Subject: add exceptions for confirm token and test for unverified email --- app/tests/test_views.py | 13 +++++++++++++ app/views/auth.py | 6 ++++-- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/app/tests/test_views.py b/app/tests/test_views.py index a9645b2..0abd5e4 100644 --- a/app/tests/test_views.py +++ b/app/tests/test_views.py @@ -32,6 +32,12 @@ data2check_visitors = { }, "/admin/user/":{ "code":403,"data":b"Forbidden" + }, + "/confirm":{ + "code":200,"data":b"Token not provided in URL Parameter" + }, + "/confirm?confirmation_token=123":{ + "code":200,"data":b"Bad Token Provided" } } @@ -52,6 +58,13 @@ def test_user_auth_flow(app, client): assert res.status_code == 200 assert b"confirm your email" in res.data + res = client.post("/signin",data=dict( + email="test@example.com", + password="testpassword"), + follow_redirects=True) + assert res.status_code == 200 + assert b"Please Confirm Your Email First." in res.data + confirmation_token = ts.dumps("test@example.com",salt="email-confirm-key") res = client.get("/confirm?confirmation_token={}".format(confirmation_token), follow_redirects=True) diff --git a/app/views/auth.py b/app/views/auth.py index f2cf338..d6f02b8 100644 --- a/app/views/auth.py +++ b/app/views/auth.py @@ -5,6 +5,7 @@ from app.misc_func import flash_errors, send, send_async import flask_login from sqlalchemy.exc import IntegrityError from itsdangerous.url_safe import URLSafeSerializer +from itsdangerous.exc import BadSignature ts = URLSafeSerializer(app.config["SECRET_KEY"]) 
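Review bot: Both new `/confirm` entries in `data2check_visitors` pin `"code":200` for a rejected request, so a missing or forged token cannot be told apart from a successful confirmation by status code. Returning a client-error status from the view, e.g. `return render_template("message.html",message="Bad Token Provided"), 400` in `confirm_email` (the app/views/auth.py hunk of this commit), and expecting `"code":400` here would make failed confirmation attempts visible to access logs and rate limiting. The dict starts outside this hunk.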
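Review bot: The sign-in step added to `test_user_auth_flow` asserts only the message text `Please Confirm Your Email First.`, which would still pass if the view rendered that message but created a login session anyway. Following it with a request to a login-required page would prove the unconfirmed account is not authenticated, for example `assert client.get("<login-required-path>").status_code != 200`, where the path is a placeholder for a protected route of this app. The function starts and ends outside the hunk.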
@@ -111,8 +112,9 @@ def confirm_email():
 try:
 email = ts.loads(confirmation_token, salt="email-confirm-key",max_age=86400)
 except TypeError:
- return render_template("message.html",message="Expired or Invalid Token")
-
+ return render_template("message.html",message="Token not provided in URL Parameter")
+ except BadSignature:
+ return render_template("message.html",message="Bad Token Provided")
 user = models.User.query.filter_by(email=email).first()
 print(email)
 user.confirmation = True
-- 
cgit v1.2.3
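Review bot: `max_age=86400` on the `ts.loads(...)` call is probably not enforced, because `ts` is built as a plain `URLSafeSerializer` (visible in the import hunk of this file) and, as far as I know, only the timed serializers embed and check a timestamp while the base class accepts the extra keyword and ignores it. If that holds for the itsdangerous version in use, confirmation links never expire, which fits this change dropping "Expired" from the message. Using `ts = URLSafeTimedSerializer(app.config["SECRET_KEY"])` would make the limit real, and the new `except BadSignature:` would then also cover expired tokens, since `SignatureExpired` derives from it. Separately, the missing-parameter case would be clearer as an explicit `if not confirmation_token:` guard before the `try` than as `except TypeError:`, which also relabels any other TypeError raised inside `loads`. The body of `confirm_email` starts and ends outside the hunk.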