fossasia · abhinavk96 · Jan 30, 2019 · Jan 30, 2019
diff --git a/app/api/auth.py b/app/api/auth.py
@@ -18,7 +18,7 @@
 from app.api.helpers.utilities import get_serializer, str_generator
 from app.models import db
 from app.models.mail import PASSWORD_RESET, PASSWORD_CHANGE, \
-    USER_REGISTER_WITH_PASSWORD
+    USER_REGISTER_WITH_PASSWORD, PASSWORD_RESET_AND_VERIFY
 from app.models.notification import PASSWORD_CHANGE as PASSWORD_CHANGE_NOTIF
 from app.models.user import User
 
@@ -207,7 +207,10 @@ def reset_password_post():
         return NotFoundError({'source': ''}, 'User not found').respond()
     else:
         link = make_frontend_url('/reset-password', {'token': user.reset_password})
-        send_email_with_action(user, PASSWORD_RESET, app_name=get_settings()['app_name'], link=link)
+        if user.was_registered_with_order:
+            send_email_with_action(user, PASSWORD_RESET_AND_VERIFY, app_name=get_settings()['app_name'], link=link)
+        else:
+            send_email_with_action(user, PASSWORD_RESET, app_name=get_settings()['app_name'], link=link)
 
     return make_response(jsonify(message="Email Sent"), 200)
 
@@ -223,6 +226,8 @@ def reset_password_patch():
         return NotFoundError({'source': ''}, 'User Not Found').respond()
     else:
         user.password = password
+        if user.was_registered_with_order:
+            user.is_verified = True
         save_to_db(user)
 
     return jsonify({

diff --git a/app/api/helpers/system_mails.py b/app/api/helpers/system_mails.py
@@ -7,7 +7,7 @@
     SESSION_SCHEDULE, NEXT_EVENT, EVENT_PUBLISH, AFTER_EVENT, USER_CHANGE_EMAIL, USER_REGISTER_WITH_PASSWORD, \
     TICKET_PURCHASED, EVENT_EXPORTED, EVENT_EXPORT_FAIL, MAIL_TO_EXPIRED_ORDERS, MONTHLY_PAYMENT_EMAIL, \
     MONTHLY_PAYMENT_FOLLOWUP_EMAIL, EVENT_IMPORTED, EVENT_IMPORT_FAIL, TICKET_PURCHASED_ORGANIZER, TICKET_CANCELLED, \
-    TICKET_PURCHASED_ATTENDEE, PASSWORD_CHANGE
+    TICKET_PURCHASED_ATTENDEE, PASSWORD_CHANGE, PASSWORD_RESET_AND_VERIFY
 
 MAILS = {
     EVENT_PUBLISH: {
@@ -114,6 +114,15 @@
             u"Please use the following link to reset your password.<br> <a href='{link}' target='_blank'>{link}</a>"
         )
     },
+    PASSWORD_RESET_AND_VERIFY: {
+        'recipient': 'User',
+        'subject': u'{app_name}: Reset your password and verify your account',
+        'message': (
+            u"Please use the following link to reset your password and verify your account." +
+            "<br> <a href='{link}' target='_blank'>{link}</a>"
+        )
+
+    },
     PASSWORD_CHANGE: {
         'recipient': 'User',
         'subject': u'{app_name}: Password Change',

diff --git a/app/api/users.py b/app/api/users.py
@@ -22,7 +22,7 @@
 from app.models.email_notification import EmailNotification
 from app.models.event_invoice import EventInvoice
 from app.models.feedback import Feedback
-from app.models.mail import USER_REGISTER_WITH_PASSWORD
+from app.models.mail import USER_REGISTER_WITH_PASSWORD, PASSWORD_RESET_AND_VERIFY
 from app.models.notification import Notification
 from app.models.session import Session
 from app.models.speaker import Speaker
@@ -37,6 +37,7 @@ class UserList(ResourceList):
     """
     List and create Users
     """
+
     def before_create_object(self, data, view_kwargs):
         """
         method to check if there is an existing user with same email which is received in data to create a new user
@@ -58,12 +59,18 @@ def after_create_object(self, user, data, view_kwargs):
         :param view_kwargs:
         :return:
         """
-        s = get_serializer()
-        hash = str(base64.b64encode(str(s.dumps([user.email, str_generator()])).encode()), 'utf-8')
-        link = make_frontend_url('/verify'.format(id=user.id), {'token': hash})
-        send_email_with_action(user, USER_REGISTER_WITH_PASSWORD, app_name=get_settings()['app_name'],
-                               email=user.email)
-        send_email_confirmation(user.email, link)
+
+        if user.was_registered_with_order:
+            link = make_frontend_url('/reset-password', {'token': user.reset_password})
+            send_email_with_action(user, PASSWORD_RESET_AND_VERIFY, app_name=get_settings()['app_name'],
+                                   email=user.email, link=link)
+        else:
+            s = get_serializer()
+            hash = str(base64.b64encode(str(s.dumps([user.email, str_generator()])).encode()), 'utf-8')
+            link = make_frontend_url('/verify'.format(id=user.id), {'token': hash})
+            send_email_with_action(user, USER_REGISTER_WITH_PASSWORD, app_name=get_settings()['app_name'],
+                                   email=user.email)
+            send_email_confirmation(user.email, link)
 
         if data.get('original_image_url'):
             try:
@@ -90,6 +97,7 @@ class UserDetail(ResourceDetail):
     """
     User detail by id
     """
+
     def before_get(self, args, kwargs):
 
         if current_user.is_admin or current_user.is_super_admin or current_user:
@@ -221,11 +229,11 @@ def after_update_object(self, user, data, view_kwargs):
             send_email_change_user_email(user, view_kwargs.get('email_changed'))
 
     decorators = (api.has_permission('is_user_itself', fetch="user_id,id", fetch_as="user_id",
-                  model=[Notification, Feedback, UsersEventsRoles, Session, EventInvoice, AccessCode,
-                         DiscountCode, EmailNotification, Speaker, User],
-                  fetch_key_url="notification_id, feedback_id, users_events_role_id, session_id, \
+                                     model=[Notification, Feedback, UsersEventsRoles, Session, EventInvoice, AccessCode,
+                                            DiscountCode, EmailNotification, Speaker, User],
+                                     fetch_key_url="notification_id, feedback_id, users_events_role_id, session_id, \
                   event_invoice_id, access_code_id, discount_code_id, email_notification_id, speaker_id, id",
-                  leave_if=lambda a: a.get('attendee_id')), )
+                                     leave_if=lambda a: a.get('attendee_id')),)
     schema = UserSchema
     data_layer = {'session': db.session,
                   'model': User,
@@ -240,7 +248,7 @@ class UserRelationship(ResourceRelationship):
     """
     User Relationship
     """
-    decorators = (is_user_itself, )
+    decorators = (is_user_itself,)
     schema = UserSchema
     data_layer = {'session': db.session,
                   'model': User}

diff --git a/app/models/mail.py b/app/models/mail.py
@@ -11,6 +11,7 @@
 NEXT_EVENT = 'Next Event'
 NEW_SESSION = 'New Session Proposal'
 PASSWORD_RESET = 'Reset Password'
+PASSWORD_RESET_AND_VERIFY = 'Reset Password and Account Verification'
 PASSWORD_CHANGE = 'Change Password'
 EVENT_ROLE = 'Event Role Invitation'
 SESSION_ACCEPT_REJECT = 'Session Accept or Reject'