From c8e2686d2cfff1b65728957b89b26e912afc2eb2 Mon Sep 17 00:00:00 2001
From: matve
Date: Mon, 25 Mar 2024 16:34:06 +0300
Subject: [PATCH] fix comments#2
---
 sapphire/common/broker/models/email.py | 2 +-
 sapphire/users/api/rest/auth/handlers.py | 4 ++--
 sapphire/users/cache/service.py | 10 +++++-----
 3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/sapphire/common/broker/models/email.py b/sapphire/common/broker/models/email.py
index d337761f..ae13620a 100644
--- a/sapphire/common/broker/models/email.py
+++ b/sapphire/common/broker/models/email.py
@@ -13,7 +13,7 @@ class EmailType(str, enum.Enum):
 PARTICIPANT_DECLINED = "participant_declined"
 PARTICIPANT_LEFT = "participant_left"
 OWNER_EXCLUDED = "owner_excluded"
- RESET_PASSWORD = "change_password"
+ RESET_PASSWORD = "reset_password"
 class Email(BaseModel):
diff --git a/sapphire/users/api/rest/auth/handlers.py b/sapphire/users/api/rest/auth/handlers.py
index 1fd67e7e..b239a0f9 100644
--- a/sapphire/users/api/rest/auth/handlers.py
+++ b/sapphire/users/api/rest/auth/handlers.py
@@ -85,7 +85,7 @@ async def change_password(
 if not user:
 raise HTTPNotFound()
- secret_code = await cache_service.change_password_set_secret_code() # in the future will be key
+ secret_code = await cache_service.change_password_set_secret_code(email=email) # in the future will be key
 # to get code to validate sent code with input code
 await broker_service.send_email_code(email=email, code=secret_code)
@@ -101,7 +101,7 @@ async def reset_password(
 database_service: database.Service = request.app.service.database
 cache_service: cache.Service = request.app.service.cache
- if not cache_service.change_password_validate_code(secret_code=secret_code):
+ if not cache_service.change_password_validate_code(secret_code=secret_code, email=email):
 raise HTTPForbidden()
 async with database_service.transaction() as session:
diff --git a/sapphire/users/cache/service.py b/sapphire/users/cache/service.py
index a4adc8b0..e2b9f286 100644
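Review bot: In `change_password` (sapphire/users/api/rest/auth/handlers.py, hunk at line 85) the trailing comment on the changed line, `# in the future will be key`, and its continuation on the next line no longer describe the code, since the cache entry is now keyed by the email. I would replace both with `# code is cached under the email; reset_password compares it with the submitted code`. Separately, the `raise HTTPNotFound()` just above lets a caller tell registered addresses from unregistered ones; answering the same way in both cases would avoid that if the API contract allows it. The handler starts and ends outside the hunk.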
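Review bot: The call to `change_password_validate_code` in `reset_password` (sapphire/users/api/rest/auth/handlers.py, hunk at line 101) is not awaited, so the condition tests a coroutine object, which is always truthy, and `HTTPForbidden` is never raised. Assuming `cache.Service` here is the class patched in sapphire/users/cache/service.py, where the method is declared `async def`, any `secret_code` passes this check and the cached code is never compared or consumed. The line should read `if not await cache_service.change_password_validate_code(secret_code=secret_code, email=email):`, and a handler test that submits a wrong code and expects the forbidden response would keep it from regressing. The body of `reset_password` continues outside the hunk.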
--- a/sapphire/users/cache/service.py
+++ b/sapphire/users/cache/service.py
@@ -21,16 +21,16 @@ async def oauth_validate_state(self, state: str) -> bool:
 return True
 return False
- async def change_password_set_secret_code(self) -> str:
+ async def change_password_set_secret_code(self, email: str) -> str:
 secret_code = str(secrets.token_urlsafe(12))
- key = f"users:auth:change_password:secret_code:{secret_code}"
+ key = f"users:auth:change_password:secret_code:{email}"
 await self.redis.set(key, secret_code, ex=43200)
 return secret_code
- async def change_password_validate_code(self, secret_code: str) -> bool:
- key = f"users:auth:change_password:secret_code:{secret_code}"
+ async def change_password_validate_code(self, secret_code: str, email: str) -> bool:
+ key = f"users:auth:change_password:secret_code:{email}"
 value = await self.redis.get(key)
- if value is not None:
+ if value == secret_code:
 await self.redis.delete(key)
 return True
 return False
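Review bot: In `change_password_validate_code`, `value == secret_code` compares the result of `self.redis.get` with a `str`, and if the client is redis-py created without `decode_responses=True` that result is `bytes`, so the check would never be true; the client setup is not visible here and should be confirmed. The comparison is also not constant-time: with `secrets` already used in this file, `if value is not None and secrets.compare_digest(value, secret_code.encode()):` fits a bytes-returning client (encode `value` as well if the client returns `str`). A wrong code leaves the key valid for the rest of the `ex=43200` window with no count of failed attempts, and the separate `get` and `delete` are not atomic, so two concurrent requests carrying the same code can both pass. Because the key is now the raw `email`, both handlers must pass the address in the same form (for example the same letter case), otherwise the lookup misses.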