forgotten password routine

cutt/mail.py

@@ -1,10 +1,13 @@
 from email.message import EmailMessage
 from email.utils import formataddr
+from random import random
 import smtplib
 import os
 import ssl
+from time import sleep
 from dotenv import load_dotenv
-from fastapi import Response, status
+from fastapi.responses import PlainTextResponse
+from pydantic import BaseModel
 from sqlmodel import Session, select
 from cutt.db import Player, TokenDB, engine
 from cutt.security import set_password_token
@@ -23,10 +26,14 @@ def generate_password_link(user: Player):
         return f"https://cutt.0124816.xyz/setpassword?token={token}"
 
 
-def send_forgotten_password_link(email: str):
+class EmailRequest(BaseModel):
+    email: str
+
+
+def send_forgotten_password_link(email: EmailRequest):
     with Session(engine) as session:
         user = session.exec(
-            select(P).where(P.email == email, P.disabled != True)
+            select(P).where(P.email == email.email, P.disabled != True)
         ).one_or_none()
         if user and user.email:
             link = generate_password_link(user)
@@ -51,8 +58,9 @@ def send_forgotten_password_link(email: str):
                 server.starttls(context=context)
                 server.login(os.environ["SMTP_USER"], os.environ["SMTP_PASS"])
                 server.send_message(msg)
+        else:
+            sleep(random())
 
-    return Response(
-        "a link will be sent to this email, if it belongs to an existing user.",
-        status_code=status.HTTP_200_OK,
+    return PlainTextResponse(
+        "a link will be sent to this email, if it belongs to an existing user."
     )