Beispiel #1
    def test_returns_an_403_when_using_old_user_uuid(self, current_user, client):
        """Expect 403 from the confirm endpoint after a DELETE to /account/token.

        A token is issued first, the DELETE is sent next, and only then is the
        confirm URL requested with the previously issued token.
        """
        # NOTE(review): the token carries current_user.email although the test
        # name speaks of a uuid, and the salt is "password-reset" -- confirm
        # both match what /account/confirm expects; otherwise the 403 may come
        # from a failed decode rather than from the DELETE above.
        reset_token = authentication.encode_token(
            current_user.email, "password-reset"
        )
        client.delete("/account/token")

        response = client.get(f"/account/confirm/{reset_token}")

        assert response.status_code == 403
 def test_generate_url(self):
     """Round-trip a token through the externally generated confirm URL."""
     issued = authentication.encode_token("*****@*****.**")
     confirm_url = url_for("account.confirm", token=issued, _external=True)
     # The token is expected to be the final path segment; the comparison
     # below only holds if url_for leaves the token's characters unescaped.
     trailing_segment = confirm_url.rsplit("/", 1)[-1]
     assert issued == trailing_segment
     decoded = authentication.decode_token(trailing_segment)
     assert decoded == "*****@*****.**"
Beispiel #3
    def test_correct_status_code_when_confirming_a_email_confirm_token(
            self, unauthenticated_client, session):
        """Expect 204 when an unauthenticated client confirms an email token."""
        # NOTE(review): this test was previously described as returning a
        # redirect to /login, yet the assertion checks for 204 -- confirm
        # which response the endpoint is meant to give.
        unconfirmed = UnconfirmedUserFactory(email="*****@*****.**")
        session.add(unconfirmed)
        # Flush before encoding: the token below is built from unconfirmed.uuid.
        session.flush()

        confirm_token = authentication.encode_token(
            unconfirmed.uuid, "email-confirm-salt")
        response = unauthenticated_client.get(
            f"/account/confirm/{confirm_token}")

        assert response.status_code == 204
Beispiel #4
    def test_returns_an_access_token_when_confirming_a_password_reset_token(
            self, app, unauthenticated_client):
        """Expect a scoped access token and no refresh token on password reset.

        The confirm endpoint is called with a password-reset token; the JSON
        reply must contain ``access_token`` whose only scope is
        ``update:user:new_password``.
        """
        reset_token = authentication.encode_token(
            "*****@*****.**", "password-reset-salt")
        response = unauthenticated_client.get(f"/account/confirm/{reset_token}")

        assert response.status_code == 200
        payload = response.get_json()
        assert "access_token" in payload
        # The reply is expected to carry the scoped access token only.
        assert "refresh_token" not in payload

        # NOTE(review): jwt.decode is called without an explicit list of
        # accepted algorithms. Pinning the expected algorithm keeps the check
        # from accepting a token signed some other way, and newer releases of
        # the jwt library may require it -- confirm against the version in use.
        claims = jwt.decode(
            payload["access_token"], app.config["JWT_SECRET_KEY"])
        granted_scopes = claims["user_claims"]["scopes"]
        assert granted_scopes == ["update:user:new_password"]
 def generate_confirmation_url(self, salt):
     """Build the confirmation URL for ``self.user`` using the given salt.

     The token encodes ``self.user.uuid`` and is substituted into the
     ``CONFIRM_URL`` template taken from the application config.
     """
     # NOTE(review): the token becomes part of the URL itself, so it can end
     # up in access logs and browser history -- confirm that the decoding side
     # enforces a short expiry for tokens issued this way.
     confirmation_token = encode_token(self.user.uuid, salt)
     url_template = current_app.config["CONFIRM_URL"]
     return url_template.format(confirmation_token)
 def test_verify_token(self):
     """Decoding a freshly encoded token gives back the original address."""
     issued = authentication.encode_token("*****@*****.**")
     recovered = authentication.decode_token(issued)
     assert recovered == "*****@*****.**"
 def test_token_is_unique(self):
     """Two tokens issued for the same address must not be identical."""
     # NOTE(review): both tokens are created back to back from the same input.
     # If encode_token varies its output only through a timestamp, the two
     # could coincide within one clock tick -- confirm what makes them differ.
     first, second = (
         authentication.encode_token("*****@*****.**"),
         authentication.encode_token("*****@*****.**"),
     )
     assert first != second
 def test_verify_expired_token(self):
     """Decoding a token one second old with ``expiration=0`` yields ``False``."""
     stale_token = authentication.encode_token("*****@*****.**")
     # Wait so the token is measurably older than the limit passed below
     # (presumably a maximum age in seconds -- TODO confirm).
     time.sleep(1)
     outcome = authentication.decode_token(stale_token, expiration=0)
     # Rejection is reported as a False return value, not as an exception, so
     # callers have to test the result explicitly.
     assert outcome is False