fix: case-sensitive-password-reset (#1545)

* make password reset case insensitive

* update test to check for case insensitive
Hayden 2022-08-09 21:10:00 -08:00 committed by GitHub
parent ef24705cfa
commit e5bf7bce17
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 7 deletions


@ -17,7 +17,7 @@ class PasswordResetService(BaseService):
super().__init__() super().__init__()
def generate_reset_token(self, email: str) -> SavePasswordResetToken | None: def generate_reset_token(self, email: str) -> SavePasswordResetToken | None:
user = self.db.users.get_one(email, "email") user = self.db.users.get_one(email, "email", any_case=True)
if user is None: if user is None:
logger.error(f"failed to create password reset for {email=}: user doesn't exists") logger.error(f"failed to create password reset for {email=}: user doesn't exists")
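Review bot: The `any_case=True` lookup on the `get_one` line assumes at most one user row matches an email when case is ignored, but nothing in this hunk enforces that; if two accounts exist whose addresses differ only in case, `get_one` would pick one of them arbitrarily and the reset token would be issued for an account the requester did not name. Worth confirming that the uniqueness rule on the users' email column is itself case-insensitive (or that emails are normalised on write) and, if it is not, treating more than one match as a failed lookup rather than a hit. A short comment on the call would record the assumption for the next reader: `# any_case: emails are unique ignoring case, so at most one row can match`. The reset-submission path that later compares the email is not part of this commit, so the end-to-end case handling is inferred rather than visible here. generate_reset_token continues past the end of the hunk.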


@ -1,5 +1,6 @@
import json import json
import pytest
from fastapi.testclient import TestClient from fastapi.testclient import TestClient
from mealie.db.db_setup import create_session from mealie.db.db_setup import create_session
@ -15,17 +16,31 @@ class Routes:
self = "/api/users/self" self = "/api/users/self"
def test_password_reset(api_client: TestClient, unique_user: TestUser): @pytest.mark.parametrize("casing", ["lower", "upper", "mixed"])
session = create_session() def test_password_reset(api_client: TestClient, unique_user: TestUser, casing: str):
cased_email = ""
if casing == "lower":
cased_email = unique_user.email.lower()
elif casing == "upper":
cased_email = unique_user.email.upper()
else:
for i, l in enumerate(unique_user.email):
if i % 2 == 0:
cased_email += l.upper()
else:
cased_email += l.lower()
cased_email
session = create_session()
service = PasswordResetService(session) service = PasswordResetService(session)
token = service.generate_reset_token(unique_user.email) token = service.generate_reset_token(cased_email)
assert token is not None
new_password = random_string(15) new_password = random_string(15)
payload = { payload = {
"token": token.token, "token": token.token,
"email": unique_user.email, "email": cased_email,
"password": new_password, "password": new_password,
"passwordConfirm": new_password, "passwordConfirm": new_password,
} }
@ -41,8 +56,7 @@ def test_password_reset(api_client: TestClient, unique_user: TestUser):
# Test Token # Test Token
new_token = json.loads(response.text).get("access_token") new_token = json.loads(response.text).get("access_token")
token = {"Authorization": f"Bearer {new_token}"} response = api_client.get(Routes.self, headers={"Authorization": f"Bearer {new_token}"})
response = api_client.get(Routes.self, headers=token)
assert response.status_code == 200 assert response.status_code == 200
session.close() session.close()
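Review bot: In the `@ -15,17 +16,31 @@` hunk the bare `cased_email` line after the mixed-case loop is an expression statement with no effect and should be deleted. The loop above it also uses the easily misread name `l` and grows the string with `+=`; the whole `else` branch collapses to `cased_email = "".join(c.upper() if i % 2 == 0 else c.lower() for i, c in enumerate(unique_user.email))`, which also makes the `cased_email = ""` initialiser unnecessary. The `lower` case only exercises the new any-case path if the fixture's address is not already lowercase, which the test cannot see, so `upper` and `mixed` are the ones carrying the regression check; a one-line comment on the parametrize decorator saying so would help, e.g. `# upper/mixed verify the reset lookup ignores email case; lower is the baseline`. test_password_reset continues beyond the hunk.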