Add landing page after password reset

CHANGELOG.md

@@ -8,7 +8,7 @@ Please add a _short_ line describing the PR you make, if the PR implements a spe
 * Create endpoint for renewing users project access, e.g. after password reset ([886](https://github.com/ScilifelabDataCentre/dds_web/pull/885))
 * Added tests for web login and change password ([900](https://github.com/ScilifelabDataCentre/dds_web/pull/900))
 * Size-based log rotation working (15*1MiB)[#897](https://github.com/ScilifelabDataCentre/dds_web/pull/897))
-* Added check for project status in RemoveContents endpoint as outlined in [issue 898](https://github.com/ScilifelabDataCentre/dds_web/issues/898) ([PR899](https://github.com/ScilifelabDataCentre/dds_web/pull/899)). 
+* Added check for project status in RemoveContents endpoint as outlined in [issue 898](https://github.com/ScilifelabDataCentre/dds_web/issues/898) ([PR899](https://github.com/ScilifelabDataCentre/dds_web/pull/899)).
 * Implemented the functionality to add project to the invites of a new user as outlined in [issue 887](https://github.com/scilifelabdatacentre/dds_web/issues/887) ([PR888](https://github.com/ScilifelabDataCentre/dds_web/pull/888)).
 * Changed and fixed the implementation of password reset ([#891](https://github.com/ScilifelabDataCentre/dds_web/pull/891)
 * Changed log rotation to standard format and set maximum to 1MiB per file, max 15 files ([897](https://github.com/ScilifelabDataCentre/dds_web/pull/897))
@@ -17,4 +17,5 @@ Please add a _short_ line describing the PR you make, if the PR implements a spe
 * Add support for database migrations using flask-migrate/Alembic ([#890](https://github.com/ScilifelabDataCentre/dds_web/pull/890))
 * Invite Researchers to projects ([911](https://github.com/ScilifelabDataCentre/dds_web/pull/911))
 * Changed `is_sensitive` to `non_sensitive` and set to default False ([#913](https://github.com/ScilifelabDataCentre/dds_web/pull/913))
-* Rearrangement and clean up of the token ([910](https://github.com/ScilifelabDataCentre/dds_web/pull/910))
+* Rearrangement and clean up of the token ([910](https://github.com/ScilifelabDataCentre/dds_web/pull/910))
+* Add landing page after password reset ([931](https://github.com/ScilifelabDataCentre/dds_web/pull/931))

dds_web/templates/user/password_reset_completed.html

@@ -0,0 +1,35 @@
+{% extends "bootstrap/base.html" %}
+
+{% block content %}
+<title>Password Updated!</title>
+<body>
+    <h1>Password updated!</h1>
+    {% with messages = get_flashed_messages(with_categories=true) %}
+    {% if messages %}
+    <div class=flashes>
+        {% for category, message in messages %}
+        <div class="alert alert-{{category}}" role="alert">
+            {{ message }}
+        </div>
+        {% endfor %}
+    </div>
+    {% endif %}
+    {% endwith %}
+    <p><b>You have lost access to your active projects when you reset your password.</b></p>
+    <p>Please contact the units where you have active projects to restore your access.</p>
+
+    <p>You have active projects in<p>
+    <ul>
+      {% for unit_name, contact in units_to_contact.items()%}
+        <li>{{ unit_name }}: {{ contact }}</li>
+      {% endfor %}
+    </ul>
+
+    <small class="text-muted ml-2">
+        <a href="{{ url_for('auth_blueprint.login')
+            }}">
+            Back to Login
+        </a>
+    </small>
+
+{% endblock %}

dds_web/web/user.py

@@ -379,12 +379,41 @@ def reset_password(token):
         db.session.commit()
 
         flask.flash("Your password has been updated! You are now able to log in.", "success")
-        return flask.redirect(flask.url_for("auth_blueprint.login"))
+        flask.session["reset_token"] = token
+        return flask.redirect(flask.url_for("auth_blueprint.password_reset_completed"))
 
     # Go to form
     return flask.render_template("user/reset_password.html", form=form)
 
 
+@auth_blueprint.route("/password_reset_completed", methods=["GET"])
+@logging_bind_request
+def password_reset_completed():
+    """Landing page after password reset"""
+
+    token = flask.session["reset_token"]
+    flask.session.pop("reset_token", None)
+    try:
+        user = dds_web.security.auth.verify_password_reset_token(token=token)
+        if not user.is_active:
+            flask.flash("Your account is not active.", "warning")
+            return flask.redirect(flask.url_for("auth_blueprint.index"))
+    except ddserr.AuthenticationError:
+        flask.flash("That is an invalid or expired token", "warning")
+        return flask.redirect(flask.url_for("auth_blueprint.index"))
+
+    units_to_contact = {}
+    for project in user.projects:
+        if project.responsible_unit.external_display_name not in units_to_contact:
+            units_to_contact[
+                project.responsible_unit.external_display_name
+            ] = project.responsible_unit.contact_email
+
+    return flask.render_template(
+        "user/password_reset_completed.html", units_to_contact=units_to_contact
+    )
+
+
 @auth_blueprint.route("/change_password", methods=["GET", "POST"])
 @flask_login.login_required
 def change_password():

tests/__init__.py

@@ -135,6 +135,7 @@ class DDSEndpoint:
     USER_NEW = "/register"
     REQUEST_RESET_PASSWORD = "/reset_password"
     RESET_PASSWORD = "/reset_password/"
+    PASSWORD_RESET_COMPLETED = "/password_reset_completed"
 
     # User INFO
     USER_INFO = BASE_ENDPOINT + "/user/info"

tests/test_user_reset_password.py

@@ -233,7 +233,7 @@ def test_reset_password_researchuser(client):
         tests.DDSEndpoint.RESET_PASSWORD + valid_reset_token, json=form_data, follow_redirects=True
     )
     assert response.status_code == http.HTTPStatus.OK
-    assert flask.request.path == tests.DDSEndpoint.LOGIN
+    assert flask.request.path == tests.DDSEndpoint.PASSWORD_RESET_COMPLETED
 
     user = models.User.query.filter_by(username="researchuser").first()
 
@@ -285,7 +285,7 @@ def test_reset_password_project_owner(client):
         tests.DDSEndpoint.RESET_PASSWORD + valid_reset_token, json=form_data, follow_redirects=True
     )
     assert response.status_code == http.HTTPStatus.OK
-    assert flask.request.path == tests.DDSEndpoint.LOGIN
+    assert flask.request.path == tests.DDSEndpoint.PASSWORD_RESET_COMPLETED
 
     user = models.User.query.filter_by(username="projectowner").first()
 
@@ -337,7 +337,7 @@ def test_reset_password_unituser(client):
         tests.DDSEndpoint.RESET_PASSWORD + valid_reset_token, json=form_data, follow_redirects=True
     )
     assert response.status_code == http.HTTPStatus.OK
-    assert flask.request.path == tests.DDSEndpoint.LOGIN
+    assert flask.request.path == tests.DDSEndpoint.PASSWORD_RESET_COMPLETED
 
     user = models.User.query.filter_by(username="unituser").first()