fix comments#2

habralab · Mar 25, 2024 · c8e2686 · c8e2686
1 parent 8ad6f44
commit c8e2686
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 8 deletions.
diff --git a/sapphire/common/broker/models/email.py b/sapphire/common/broker/models/email.py
@@ -13,7 +13,7 @@ class EmailType(str, enum.Enum):
     PARTICIPANT_DECLINED = "participant_declined"
     PARTICIPANT_LEFT = "participant_left"
     OWNER_EXCLUDED = "owner_excluded"
-    RESET_PASSWORD = "change_password"
+    RESET_PASSWORD = "reset_password"
 
 
 class Email(BaseModel):

diff --git a/sapphire/users/api/rest/auth/handlers.py b/sapphire/users/api/rest/auth/handlers.py
@@ -85,7 +85,7 @@ async def change_password(
         if not user:
             raise HTTPNotFound()
 
-    secret_code = await cache_service.change_password_set_secret_code()  # in the future will be key
+    secret_code = await cache_service.change_password_set_secret_code(email=email)  # in the future will be key
     # to get code to validate sent code with input code
     await broker_service.send_email_code(email=email, code=secret_code)
 
@@ -101,7 +101,7 @@ async def reset_password(
     database_service: database.Service = request.app.service.database
     cache_service: cache.Service = request.app.service.cache
 
-    if not cache_service.change_password_validate_code(secret_code=secret_code):
+    if not cache_service.change_password_validate_code(secret_code=secret_code, email=email):
         raise HTTPForbidden()
 
     async with database_service.transaction() as session:

diff --git a/sapphire/users/cache/service.py b/sapphire/users/cache/service.py
@@ -21,16 +21,16 @@ async def oauth_validate_state(self, state: str) -> bool:
             return True
         return False
 
-    async def change_password_set_secret_code(self) -> str:
+    async def change_password_set_secret_code(self, email: str) -> str:
         secret_code = str(secrets.token_urlsafe(12))
-        key = f"users:auth:change_password:secret_code:{secret_code}"
+        key = f"users:auth:change_password:secret_code:{email}"
         await self.redis.set(key, secret_code, ex=43200)
         return secret_code
 
-    async def change_password_validate_code(self, secret_code: str) -> bool:
-        key = f"users:auth:change_password:secret_code:{secret_code}"
+    async def change_password_validate_code(self, secret_code: str, email: str) -> bool:
+        key = f"users:auth:change_password:secret_code:{email}"
         value = await self.redis.get(key)
-        if value is not None:
+        if value == secret_code:
             await self.redis.delete(key)
             return True
         return False