From e97407058522b1c1bb5668317c3f76de6d5575b4 Mon Sep 17 00:00:00 2001
From: Holger Frey <mail@holgerfrey.de>
Date: Mon, 23 Oct 2017 11:21:51 +0200
Subject: [PATCH] registration verification mail contains link expiry datetime

---
 ordr2/templates/emails/registration.jinja2 | 3 ++-
 ordr2/views/account.py                     | 4 ++--
 tests/events.py                            | 7 +++++--
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/ordr2/templates/emails/registration.jinja2 b/ordr2/templates/emails/registration.jinja2
index f50fb91..d6c0e47 100755
--- a/ordr2/templates/emails/registration.jinja2
+++ b/ordr2/templates/emails/registration.jinja2
@@ -9,8 +9,9 @@
   	<h1>Hi there!</h1>
   	<p>
   		Please verify your email address for the account "{{ user.user_name }}" by following this link
-  		<a href="{{ request.resource_url(context, data.hash) }}">{{ request.resource_url(context, data.hash) }}</a>
+  		<a href="{{ request.resource_url(context, data.token.hash) }}">{{ request.resource_url(context, data.token.hash) }}</a>
 	</p>
+	<p> The link will expire on {{ data.token.expires.strftime('%d.%m.%y at %H:%M') }}.
 	<p class="signature">
 		Regards,
 		<br/>
diff --git a/ordr2/views/account.py b/ordr2/views/account.py
index 220c4c2..554a91a 100644
--- a/ordr2/views/account.py
+++ b/ordr2/views/account.py
@@ -95,8 +95,8 @@ def registration_form_processing(context, request):
     request.dbsession.add(account)
 
     # create a verify-new-account token and send email
-    hash = account.issue_token(request, TokenSubject.USER_REGISTRATION)
-    notification = CompleteRegistration(request, account, {'hash': hash})
+    token = account.issue_token(request, TokenSubject.USER_REGISTRATION)
+    notification = CompleteRegistration(request, account, {'token': token})
     request.registry.notify(notification)
 
     # issue a warning on a short password
diff --git a/tests/events.py b/tests/events.py
index adce141..3a03987 100644
--- a/tests/events.py
+++ b/tests/events.py
@@ -2,6 +2,7 @@
 
 import pytest
 
+from datetime import datetime
 from pyramid.testing import DummyRequest
 from pyramid_mailer import get_mailer
 
@@ -21,13 +22,15 @@ def test_user_notification_init():
 
 def test_notify_user(app_config):
     from ordr2.events import CompleteRegistration, notify_user
+    from ordr2.models.account import Token
 
     request = DummyRequest()
     user = get_user('user')
-    notification = CompleteRegistration(request, user, {'hash': 'something'})
+    token = Token(expires=datetime.utcnow(), hash='some_hash')
+    notification = CompleteRegistration(request, user, {'token': token})
     notify_user(notification)
     mailer = get_mailer(request.registry)
     last_mail = mailer.outbox[-1]
 
     assert 'Please verify your email address ' in last_mail.html
-    assert 'http://example.com//something' in last_mail.html
+    assert 'http://example.com//some_hash' in last_mail.html