feat: allow creation fake tokens in test/demo environments

activate_account_project/settings/base.py

@@ -19,6 +19,7 @@ DATABASES = {
 
 DATA_MANAGER_ENABLED = False
 DATA_MANAGER_READ_ONLY = True
+FAKE_RESET_TOKEN_IF_MISSING = False
 
 # If the EXTRA_SETTINGS_URLS environment variable is set, it is a comma-separated list of URLs from
 # which to fetch additional settings as YAML-formatted documents. The documents should be
@@ -44,6 +45,7 @@ externalsettings.load_external_settings(
         "EMAIL_PORT",
         "DATA_MANAGER_ENABLED",
         "DATA_MANAGER_READ_ONLY",
+        "FAKE_RESET_TOKEN_IF_MISSING",
     ],
 )
 

api/v1alpha/views.py

@@ -3,6 +3,10 @@ Views implementing the API endpoints.
 
 """
 
+import random
+from string import ascii_uppercase, digits
+
+from django.conf import settings
 from drf_spectacular.utils import OpenApiResponse, extend_schema
 from rest_framework import exceptions, generics, status
 
@@ -75,6 +79,16 @@ class ResetTokenView(generics.RetrieveAPIView):
         try:
             return get_reset_token(self.request.user.crsid)
         except PasswordAppNotFound:
+            # To aid demo/testing purposes, we can fake a reset token if the Password App can't
+            # find the user
+            if settings.FAKE_RESET_TOKEN_IF_MISSING:
+                return "-".join(
+                    [
+                        "".join([random.choice(digits + ascii_uppercase) for _ in range(4)])
+                        for _ in range(3)
+                    ]
+                    + ["FAKE"]  # Help developers identify fake tokens
+                )
             # Raising a validation error here rather than a 404 which could be misunderstand as
             # the endpoint not existing
             raise exceptions.ValidationError({"crsid": "Password App was unable to find the user"})