Commit 8e2d5156 authored by Arthur Lutz's avatar Arthur Lutz
Browse files

use https in link for reset of password (closes #2414595)

Dependency on https://www.cubicweb.org/ticket/2508638

--HG--
branch : stable
parent 3a9c82b9414d
......@@ -95,7 +95,9 @@ def forgotpwd_send_email(self, data):
raise ValidationError(None, {None: session._(u'An error occured, this email address is unknown.')})
data['revocation_id'] = revocation_id
key = encrypt(data, session.vreg.config['forgotpwd-cypher-seed'])
url = session.build_url('forgottenpasswordrequest', key=key)
url = session.build_url('forgottenpasswordrequest',
__secure__=True,
key=key,)
session.set_shared_data('resetlink', url)
# mail is sent on commit
session.commit()
......
......@@ -5,22 +5,39 @@ from logilab.common.testlib import unittest_main
from cubicweb.devtools.testlib import MAILBOX
from cubicweb.devtools.testlib import CubicWebTC
from cubicweb.devtools.fake import FakeConfig
from cubicweb.web.request import CubicWebRequestBase
class ForgotTC(CubicWebTC):
def setup_database(self):
self.user = self.create_user(u'test_user')
self.request().create_entity('EmailAddress', address=u'test_user@logilab.fr',
reverse_use_email=self.user)
for index in range(4):
user = self.create_user(u'test_user%s' % index)
self.request().create_entity('EmailAddress',
address=u'test_user%s@logilab.fr' % index,
reverse_use_email=user)
def test_reset_password(self):
MAILBOX[:] = []
self.assertEqual(len(MAILBOX), 0)
self.session.repo.forgotpwd_send_email({'use_email':'test_user@logilab.fr'})
self.session.repo.forgotpwd_send_email({'use_email':'test_user1@logilab.fr'})
self.assertEqual(len(MAILBOX), 1)
self.assert_('None' not in MAILBOX[0].content)
def test_reset_https(self):
MAILBOX[:] = []
self.config.global_set_option('base-url', 'http://babar.com/')
self.session.repo.forgotpwd_send_email({'use_email':'test_user2@logilab.fr'})
self.assert_('http://babar.com/' in MAILBOX[0].content)
self.config.global_set_option('https-url', 'https://babar.com/')
self.session.repo.forgotpwd_send_email({'use_email':'test_user3@logilab.fr'})
print MAILBOX[1].content
self.assert_('https://babar.com/' in MAILBOX[1].content)
if __name__ == '__main__':
unittest_main()
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment