Merge pull request #9274 from OpenMined/snwagh/adding-test-for-passwo…

…rd-token-expiry Added test to notebook for password token expiry
OpenMined · Sep 9, 2024 · ba7d2b2 · ba7d2b2
2 parents 3e189db + c856364
commit ba7d2b2
Show file tree

Hide file tree

Showing 5 changed files with 213 additions and 9 deletions.
diff --git a/notebooks/scenarios/bigquery/011-users-emails-passwords.ipynb b/notebooks/scenarios/bigquery/011-users-emails-passwords.ipynb
@@ -312,6 +312,7 @@
    "metadata": {},
    "outputs": [],
    "source": [
+    "# This is necessary as it sets the new token value in user.reset_token\n",
     "token = reset_password_user.get_token()\n",
     "token"
    ]
@@ -323,6 +324,7 @@
    "metadata": {},
    "outputs": [],
    "source": [
+    "# This is necessary as it sets the new password value in user.new_password\n",
     "passw = reset_password_user.make_new_password()\n",
     "passw"
    ]
@@ -369,13 +371,101 @@
    "outputs": [],
    "source": [
     "# relogin\n",
-    "reset_password_user.client = reset_password_user.client"
+    "reset_password_user.relogin()\n",
+    "# reset_password_user.client = reset_password_user.client"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "28",
+   "metadata": {},
+   "source": [
+    "## Reset password second time"
    ]
   },
   {
    "cell_type": "code",
    "execution_count": null,
-   "id": "28",
+   "id": "29",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "reset_password_user.client.guest().forgot_password(email=reset_password_user.email)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "30",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "output = reset_password_user.client.guest().reset_password(\n",
+    "    token=reset_password_user.get_token(),\n",
+    "    new_password=reset_password_user.make_new_password(),\n",
+    ")\n",
+    "output"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "31",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "assert isinstance(output, sy.SyftSuccess)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "32",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# print(f\"token:\\t\\t {reset_password_user.reset_token}\\n\\\n",
+    "# password:\\t {reset_password_user.password}\\n\\\n",
+    "# new password:\\t {reset_password_user.new_password}\")"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "33",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "reset_password_user.update_password()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "34",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# print(f\"token:\\t\\t {reset_password_user.reset_token}\\n\\\n",
+    "# password:\\t {reset_password_user.password}\\n\\\n",
+    "# new password:\\t {reset_password_user.new_password}\")"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "35",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# relogin\n",
+    "reset_password_user.relogin()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "36",
    "metadata": {},
    "outputs": [],
    "source": [
@@ -385,7 +475,107 @@
   {
    "cell_type": "code",
    "execution_count": null,
-   "id": "29",
+   "id": "37",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "reset_password_user"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "38",
+   "metadata": {},
+   "source": [
+    "## Reduce token expiration and try resetting"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "39",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# Variable is poorly named, token expiration time is in seconds and not minutes\n",
+    "high_client.api.services.settings.update(pwd_token_config={\"token_exp_min\": 3})\n",
+    "high_client.refresh()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "40",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "reset_password_user.client.guest().forgot_password(email=reset_password_user.email)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "41",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# Wait 3 seconds to ensure token expires\n",
+    "await asyncio.sleep(3)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "42",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# This should throw a SyftError because we waited too long\n",
+    "output = reset_password_user.client.guest().reset_password(\n",
+    "    token=reset_password_user.get_token(),\n",
+    "    new_password=reset_password_user.make_new_password(),\n",
+    ")\n",
+    "output"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "43",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "assert isinstance(output, sy.SyftError)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "44",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# relogin\n",
+    "with sy.raises(sy.SyftException, show=True):\n",
+    "    reset_password_user.relogin()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "45",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "# Set things back to the the default settings\n",
+    "high_client.api.services.settings.update(pwd_token_config={\"token_exp_min\": 1800})\n",
+    "high_client.refresh()"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "46",
    "metadata": {},
    "outputs": [],
    "source": [
@@ -395,7 +585,7 @@
   {
    "cell_type": "code",
    "execution_count": null,
-   "id": "30",
+   "id": "47",
    "metadata": {},
    "outputs": [],
    "source": [
@@ -405,13 +595,18 @@
   {
    "cell_type": "code",
    "execution_count": null,
-   "id": "31",
+   "id": "48",
    "metadata": {},
    "outputs": [],
    "source": []
   }
  ],
  "metadata": {
+  "kernelspec": {
+   "display_name": "Python 3 (ipykernel)",
+   "language": "python",
+   "name": "python3"
+  },
   "language_info": {
    "codemirror_mode": {
     "name": "ipython",
@@ -422,7 +617,7 @@
    "name": "python",
    "nbconvert_exporter": "python",
    "pygments_lexer": "ipython3",
-   "version": "3.12.5"
+   "version": "3.12.3"
   }
  },
  "nbformat": 4,

diff --git a/notebooks/scenarios/bigquery/helpers.py b/notebooks/scenarios/bigquery/helpers.py
@@ -144,6 +144,10 @@ def __getitem__(self, key):
             return None
         return self.to_dict()[key]
 
+    def update_password(self):
+        self.password = self.new_password
+        self.new_password = None
+
     @property
     def emails(self) -> list[Email]:
         if not self._email_server:

diff --git a/packages/syft/src/syft/service/notification/email_templates.py b/packages/syft/src/syft/service/notification/email_templates.py
@@ -50,6 +50,10 @@ def email_body(notification: "Notification", context: AuthedServiceContext) -> s
         if result.is_err():
             raise Exception("Couldn't update the user password")
 
+        expiry_time = context.server.services.settings.get(
+            context=context
+        ).pwd_token_config.token_exp_min
+
         head = """<head>
             <style>
                 body {
@@ -103,7 +107,7 @@ def email_body(notification: "Notification", context: AuthedServiceContext) -> s
                     <code style="color: #FF8C00;background-color: #f0f0f0;font-size: 12px;">
                         syft_client.reset_password(token='{user.reset_token}', new_password=*****)
                     </code>.
-                to reset your password.</p>
+                to reset your password. This token is valid for {expiry_time} seconds only.</p>
                 <p>If you didn't request a password reset, please ignore this email.</p>
             </div>
         </body>"""

diff --git a/packages/syft/src/syft/service/settings/settings.py b/packages/syft/src/syft/service/settings/settings.py
@@ -43,7 +43,8 @@ class PwdTokenResetConfig(SyftObject):
     ascii: bool = True
     numbers: bool = True
     token_len: int = 12
-    token_exp_min: int = 30
+    # Token expiration time in seconds (not minutes)
+    token_exp_min: int = 1800  # TODO: Rename variable to token_exp_sec
 
     @model_validator(mode="after")
     def validate_char_types(self) -> Self:

diff --git a/packages/syft/src/syft/service/user/user_service.py b/packages/syft/src/syft/service/user/user_service.py
@@ -269,7 +269,7 @@ def reset_password(
 
         # If token expired
         expiration_time = root_context.server.settings.pwd_token_config.token_exp_min
-        if time_difference > timedelta(minutes=expiration_time):
+        if time_difference > timedelta(seconds=expiration_time):
             raise SyftException(
                 public_message="Failed to reset user password. Token is invalid or expired."
             )