From b0f2d7b85ae18ccf7536d32346b1dfcafc47584e Mon Sep 17 00:00:00 2001
From: Son NK
Date: Wed, 18 Mar 2020 21:55:50 +0100
Subject: [PATCH] always return 200 in /forgot_password
---
 README.md | 4 +---
 app/api/views/auth_login.py | 14 ++++++--------
 tests/api/test_auth_login.py | 4 ++--
 3 files changed, 9 insertions(+), 13 deletions(-)
diff --git a/README.md b/README.md
index 67f2a098..6ffa69e6 100644
--- a/README.md
+++ b/README.md
@@ -802,9 +802,7 @@ Output:
 Input:
 - email
-Output:
-- 200: user is going to receive an email to reset the password
-- 400 if error (email not found)
+Output: always return 200, even if email doesn't exist. User need to enter correctly their email.
 #### GET /api/aliases
diff --git a/app/api/views/auth_login.py b/app/api/views/auth_login.py
index 422f376a..adbc29ea 100644
--- a/app/api/views/auth_login.py
+++ b/app/api/views/auth_login.py
@@ -332,16 +332,14 @@ def forgot_password():
 """
 data = request.get_json()
- if not data:
- return jsonify(error="request body cannot be empty"), 400
+ if not data or not data.get("email"):
+ return jsonify(error="request body must contain email"), 400
- email = data.get("email")
+ email = data.get("email").lower()
 user = User.get_by(email=email)
- if not user:
- return jsonify(error="Email not found"), 400
+ if user:
+ send_reset_password_email(user)
- send_reset_password_email(user)
-
- return jsonify(reset_sent=True)
+ return jsonify(ok=True)
diff --git a/tests/api/test_auth_login.py b/tests/api/test_auth_login.py
index 9b0a6dd4..8a3a44ea 100644
--- a/tests/api/test_auth_login.py
+++ b/tests/api/test_auth_login.py
@@ -210,9 +210,9 @@ def test_auth_login_forgot_password(flask_client):
 assert r.status_code == 200
- # No such email
+ # No such email, still return 200
 r = flask_client.post( url_for("api.forgot_password"), json={"email": "not-exist@b.c"}, )
- assert r.status_code == 400
+ assert r.status_code == 200
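Review bot: `email = data.get("email").lower()` assumes the value is a string, but the new guard only checks truthiness, so a JSON body such as `{"email": 123}` or `{"email": ["a"]}` passes it and then raises AttributeError on `.lower()`, turning a client error into a server error. Tighten the guard to the type as well: `if not data or not isinstance(data.get("email"), str) or not data["email"]:` followed by `email = data["email"].lower()`. Separately, the uniform 200 keeps the response body from revealing whether an address is registered, yet `send_reset_password_email(user)` runs only when the user exists, so the response time likely still differs between known and unknown emails; if that matters here, move the lookup-and-send off the request path (or keep the work constant) and rate-limit the endpoint. forgot_password's signature and docstring are above the hunk.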
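Review bot: The unknown-address case at the end of the hunk asserts only `r.status_code == 200`, which no longer distinguishes a handled request from one that failed differently; assert the body as well, `assert r.json == {"ok": True}`, so the contract the handler now exposes is pinned. A further case posting a non-string value, `json={"email": 123}`, would pin how the handler treats a malformed email field instead of leaving it unspecified. test_auth_login_forgot_password starts before the hunk.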