Closed kobyfogel closed 3 years ago
Merging #289 (846f7d2) into develop (31e231c) will decrease coverage by 0.41%. The diff coverage is 85.80%.
@@ Coverage Diff @@
## develop #289 +/- ##
===========================================
- Coverage 95.05% 94.64% -0.42%
===========================================
Files 81 83 +2
Lines 3764 3903 +139
===========================================
+ Hits 3578 3694 +116
- Misses 186 209 +23
Impacted Files | Coverage Δ | |
---|---|---|
app/internal/user.py | 0.00% <0.00%> (ø) | |
app/main.py | 95.23% <ø> (ø) | |
app/internal/security/schema.py | 97.61% <97.05%> (-2.39%) | :arrow_down: |
app/database/schemas.py | 100.00% <100.00%> (ø) | |
app/internal/email.py | 100.00% <100.00%> (ø) | |
app/internal/security/dependencies.py | 100.00% <100.00%> (ø) | |
app/internal/security/ouath2.py | 96.92% <100.00%> (+0.92%) | :arrow_up: |
app/routers/reset_password.py | 100.00% <100.00%> (ø) | |
Still WIP?
> Still WIP?

Not anymore
Looks like a great start!
Currently, it's hard to understand where the authentication of the user happens. Why are we creating a JWT token for someone who hasn't logged in yet?
The JWT token is sent by mail to the user. Its purpose is to verify that the user is using the mail address he registered with. About the DOMAIN variable, this is what we currently have in config:
About using url_for with the link: I tried to use it; it doesn't work outside the website. When I click the link in the email, I get an error
Reset a password by mail confirmation. If a user has forgotten his password, he can reset it by verifying his mail address. The email verification is done by sending a mail with a link to a reset-password page on our site, containing a JWT token with the user's unique credentials and a 15-minute expiration time. Upon clicking that link, decryption of that token will verify and authenticate the user. Then he will be presented with a reset-password form.
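
A sketch of the flow the description outlines, as an added example that is not the PR's code: a 15-minute token scoped to password reset only and bound to the current password hash, so it cannot double as a login token and stops verifying once the password changes. It builds an HS256 JWT with the standard library only; the secret, the claim names (`purpose`, `pwf`) and the function names are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"   # assumption: loaded from config in a real app
RESET_TTL = 15 * 60                   # 15-minute lifetime, as in the PR description

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def _fingerprint(password_hash: str) -> str:
    # Ties the token to the current password hash: once the password changes,
    # every outstanding reset link stops verifying (single use).
    return hashlib.sha256(password_hash.encode()).hexdigest()[:16]

def issue_reset_token(username: str, password_hash: str, now: float = None) -> str:
    now = time.time() if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": username, "purpose": "password-reset",
              "pwf": _fingerprint(password_hash), "exp": int(now) + RESET_TTL}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_sign(header + '.' + body)}"

def verify_reset_token(token: str, password_hash: str, now: float = None):
    """Return the username if the token is a valid reset token, else None."""
    now = time.time() if now is None else now
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(f"{header}.{body}")):
            return None                       # forged or tampered
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None                       # never trust the header's alg
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None                           # malformed token
    if claims.get("purpose") != "password-reset" or claims.get("exp", 0) <= now:
        return None                           # wrong scope or expired
    if not hmac.compare_digest(claims.get("pwf", ""), _fingerprint(password_hash)):
        return None                           # password already changed
    return claims.get("sub")
```

The login dependency should apply the mirror-image check and reject any token whose `purpose` is `password-reset`, so a leaked reset link never grants a session.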