API - add endpoint to confirm email change

This commit is contained in:
Sam 2022-03-13 08:59:37 +01:00
parent 191390f397
commit 42dfeee283
2 changed files with 118 additions and 0 deletions

View File

@ -1866,3 +1866,64 @@ class TestPasswordUpdate(ApiTestCaseMixin):
data = json.loads(response.data.decode()) data = json.loads(response.data.decode())
assert data['status'] == 'success' assert data['status'] == 'success'
assert data['message'] == 'password updated' assert data['message'] == 'password updated'
class TestEmailUpdateWitUnauthenticatedUser(ApiTestCaseMixin):
def test_it_returns_error_if_token_is_missing(self, app: Flask) -> None:
client = app.test_client()
response = client.post(
'/api/auth/email/update',
data=json.dumps(dict()),
content_type='application/json',
)
self.assert_400(response)
def test_it_returns_error_if_token_is_invalid(self, app: Flask) -> None:
client = app.test_client()
response = client.post(
'/api/auth/email/update',
data=json.dumps(dict(token=random_string())),
content_type='application/json',
)
self.assert_400(response)
def test_it_does_not_update_email_if_token_mismatches(
self, app: Flask, user_1: User
) -> None:
user_1.confirmation_token = random_string()
new_email = 'new.email@example.com'
user_1.email_to_confirm = new_email
client = app.test_client()
response = client.post(
'/api/auth/email/update',
data=json.dumps(dict(token=random_string())),
content_type='application/json',
)
self.assert_400(response)
def test_it_updates_email(self, app: Flask, user_1: User) -> None:
token = random_string()
user_1.confirmation_token = token
new_email = 'new.email@example.com'
user_1.email_to_confirm = new_email
client = app.test_client()
response = client.post(
'/api/auth/email/update',
data=json.dumps(dict(token=token)),
content_type='application/json',
)
assert response.status_code == 200
data = json.loads(response.data.decode())
assert data['status'] == 'success'
assert data['message'] == 'email updated'
assert user_1.email == new_email
assert user_1.email_to_confirm is None
assert user_1.confirmation_token is None

View File

@ -1302,3 +1302,60 @@ def update_password() -> Union[Dict, HttpResponse]:
} }
except (exc.OperationalError, ValueError) as e: except (exc.OperationalError, ValueError) as e:
return handle_error_and_return_response(e, db=db) return handle_error_and_return_response(e, db=db)
@auth_blueprint.route('/auth/email/update', methods=['POST'])
def update_email() -> Union[Dict, HttpResponse]:
"""
update user email after confirmation
**Example request**:
.. sourcecode:: http
POST /api/auth/email/update HTTP/1.1
Content-Type: application/json
**Example response**:
HTTP/1.1 200 OK
Content-Type: application/json
{
"message": "email updated",
"status": "success"
}
:<json string token: password reset token
:statuscode 200: email updated
:statuscode 400: invalid payload
:statuscode 500: error, please try again or contact the administrator
"""
post_data = request.get_json()
if not post_data or post_data.get('token') is None:
return InvalidPayloadErrorResponse()
token = post_data.get('token')
try:
user = User.query.filter_by(confirmation_token=token).first()
if not user:
return InvalidPayloadErrorResponse()
user.email = user.email_to_confirm
user.email_to_confirm = None
user.confirmation_token = None
db.session.commit()
response = {
'status': 'success',
'message': 'email updated',
}
return response
except (exc.OperationalError, ValueError) as e:
return handle_error_and_return_response(e, db=db)