diff options
author | Denis Costa <deniscostadsc@gmail.com> | 2017-04-13 16:39:30 -0300 |
---|---|---|
committer | Tulio Casagrande <tcasagra@thoughtworks.com> | 2017-04-13 17:32:13 -0300 |
commit | dd189164ef0b39132daafcbe5d163bc259ccec8e (patch) | |
tree | 57776da477e91f938ac5fa7b132e94df6ae0b3fb | |
parent | 1fcb0c8fb399647bf86ef1b7c6771b3a29f67aa9 (diff) |
[#927] Add recovery code mail template
with @tuliocasagrande
-rw-r--r-- | service/pixelated/account_recovery.py | 18 | ||||
-rw-r--r-- | service/pixelated/assets/recovery.mail.en-US | 20 | ||||
-rw-r--r-- | service/test/functional/features/steps/mail_list.py | 6 | ||||
-rw-r--r-- | service/test/functional/features/steps/mail_view.py | 6 | ||||
-rw-r--r-- | service/test/unit/test_account_recovery.py | 24 |
5 files changed, 66 insertions, 8 deletions
diff --git a/service/pixelated/account_recovery.py b/service/pixelated/account_recovery.py index 2208faf5..723d4048 100644 --- a/service/pixelated/account_recovery.py +++ b/service/pixelated/account_recovery.py @@ -14,12 +14,15 @@ # You should have received a copy of the GNU Affero General Public License # along with Pixelated. If not, see <http://www.gnu.org/licenses/>. +import pkg_resources + from twisted.internet.defer import inlineCallbacks, returnValue from twisted.logger import Logger from twisted.mail import smtp from email.mime.text import MIMEText +from pixelated.resources.account_recovery_resource import AccountRecoveryResource log = Logger() @@ -53,7 +56,7 @@ class AccountRecovery(object): log.info('Sending mail containing the user\'s recovery code') sender = 'team@{}'.format(self._domain) - msg = MIMEText('Your code %s' % code) + msg = MIMEText(self._get_recovery_mail(code)) msg['Subject'] = 'Recovery Code' msg['From'] = sender msg['To'] = backup_email @@ -68,3 +71,16 @@ class AccountRecovery(object): except Exception as e: log.error('Failed trying to send the email with the recovery code') raise e + + def _get_recovery_mail(self, code, language='en-US'): + recovery_mail = pkg_resources.resource_filename( + 'pixelated.assets', + 'recovery.mail.%s' % (language)) + + account_recovery_url = '{}/{}'.format(self._domain, AccountRecoveryResource.BASE_URL) + + with open(recovery_mail) as mail_template_file: + return mail_template_file.read().format( + domain=self._domain, + recovery_code=code, + account_recovery_url=account_recovery_url) diff --git a/service/pixelated/assets/recovery.mail.en-US b/service/pixelated/assets/recovery.mail.en-US new file mode 100644 index 00000000..d14ca712 --- /dev/null +++ b/service/pixelated/assets/recovery.mail.en-US @@ -0,0 +1,20 @@ +Hello, + +You are receiving this email because you registered at a Pixelated provider, on {domain}. +In case you ever forget your password, you can access this link {account_recovery_url} and put the following recovery code: + +{recovery_code} + +This code is they only way to recover access to your account in case you lose your password. +Be careful and keep it safe!!! + +Why is this so important? + +Pixelated is an email client that respects your privacy and uses PGP Encryption to do so. +Your password also gives you access to your keys, so if you forget it you will lose access to your account and the ability to decrypt your messages. +We understand that forgetting passwords is a common thing, so we developed a more secure way to recover access to your account, therefore, a little bit more annoying ;) +This code is half of a big code to recover your account, the other half is with the account administrator. In case you forget your password, use this code and your administrator code to recover access to your account. It's like those locks with two keys :) +You will only succeed if you have both codes, so, never hurts to ask again: SAVE THIS CODE! + + +PS: If you didn't create an account at {domain}, please ignore this email. diff --git a/service/test/functional/features/steps/mail_list.py b/service/test/functional/features/steps/mail_list.py index 2953c1af..21694153 100644 --- a/service/test/functional/features/steps/mail_list.py +++ b/service/test/functional/features/steps/mail_list.py @@ -138,9 +138,3 @@ def impl(context): @then('I should not see any email') def impl(context): _wait_for_mail_list_to_be_empty(context) - - -@then(u'I see the mail has the recovery code') -def step_impl(context): - expected_body = 'Your code' - context.execute_steps(u"Then I see that the body has '%s'" % expected_body) diff --git a/service/test/functional/features/steps/mail_view.py b/service/test/functional/features/steps/mail_view.py index d10f86e7..9b49e6e5 100644 --- a/service/test/functional/features/steps/mail_view.py +++ b/service/test/functional/features/steps/mail_view.py @@ -109,3 +109,9 @@ def impl(context): assert cc is not None assert bcc is not None + + +@then(u'I see the mail has the recovery code') +def step_impl(context): + expected_body = 'This code is they only way to recover access to your account in case you lose your password.' + context.execute_steps(u"Then I see that the body has '%s'" % expected_body) diff --git a/service/test/unit/test_account_recovery.py b/service/test/unit/test_account_recovery.py index 08298419..8d52676e 100644 --- a/service/test/unit/test_account_recovery.py +++ b/service/test/unit/test_account_recovery.py @@ -24,6 +24,28 @@ from mockito import when, any as ANY from pixelated.account_recovery import AccountRecovery +RECOVERY_CODE_EMAIL = '''Hello, + +You are receiving this email because you registered at a Pixelated provider, on test.com. +In case you ever forget your password, you can access this link test.com/account-recovery and put the following recovery code: + +4645a2f8997e5d0d + +This code is they only way to recover access to your account in case you lose your password. +Be careful and keep it safe!!! + +Why is this so important? + +Pixelated is an email client that respects your privacy and uses PGP Encryption to do so. +Your password also gives you access to your keys, so if you forget it you will lose access to your account and the ability to decrypt your messages. +We understand that forgetting passwords is a common thing, so we developed a more secure way to recover access to your account, therefore, a little bit more annoying ;) +This code is half of a big code to recover your account, the other half is with the account administrator. In case you forget your password, use this code and your administrator code to recover access to your account. It\'s like those locks with two keys :) +You will only succeed if you have both codes, so, never hurts to ask again: SAVE THIS CODE! + + +PS: If you didn\'t create an account at test.com, please ignore this email. +''' + class AccountRecoveryTest(unittest.TestCase): def setUp(self): @@ -53,7 +75,7 @@ class AccountRecoveryTest(unittest.TestCase): @defer.inlineCallbacks def test_send_recovery_code_by_email(self): sender = 'team@{}'.format(self.domain) - msg = MIMEText('Your code %s' % self.generated_code) + msg = MIMEText(RECOVERY_CODE_EMAIL) msg['Subject'] = 'Recovery Code' msg['From'] = sender msg['To'] = self.backup_email |