def get_password_confirmation_url(self, request, user, token=None):
"""Constructs the password confirmation (reset) url.
"""
token_key = (
self.default_token_generator.make_token(user)
if token is None else token
)
if self.is_api:
# TODO: ASK MARK WHAT THIS SHOULD BE?!?
path = app_settings.ACCOUNT_CONFIRM_PASSWORD_CLIENT_URL.format(
key=token_key, uid=rest_encode_user_pk(user)
)
else:
path = reverse(
"account_reset_password_from_key",
kwargs={
"key": token_key, "uidb36": user_pk_to_url_str(user)
},
)
if self.is_api and "HTTP_ORIGIN" in request.META:
# request originates from a client on a different domain...
url = urljoin(request.META['HTTP_ORIGIN'], path)
else:
url = build_absolute_uri(request, path)
return url
def test_password_verify_reset(self, user):
"""
tests that resetting the password via an email link works.
(the email link should open a client page that eventually
makes a post to the view being tested here.)
"""
password = generate_password()
token_key = get_adapter().default_token_generator.make_token(user)
uid = rest_encode_user_pk(user)
url = reverse("rest_password_reset_confirm")
client = APIClient()
invalid_data = {
"new_password1": password,
"new_password2": password,
"uid": shuffle_string(uid),
"token": shuffle_string(token_key),
}
valid_data = {
"new_password1": password,
"new_password2": password,
"uid": uid,
"token": token_key,
}
invalid_data = {
"new_password1": password,
"new_password2": password,
"uid": shuffle_string(uid),
"token": shuffle_string(token_key),
}
# passing invalid data doesn't change pwd...
response = client.post(url, invalid_data)
user.refresh_from_db()
assert status.is_client_error(response.status_code)
assert user.check_password(user.raw_password)
# passing valid data does change pwd...
response = client.post(url, valid_data)
user.refresh_from_db()
assert status.is_success(response.status_code)
assert user.check_password(password)
def test_password_reset_sends_email(self, user):
url = reverse("rest_password_reset")
client = APIClient()
response = client.post(url, {"email": user.email})
assert status.is_success(response.status_code)
token_generator = get_adapter().default_token_generator
reset_url = app_settings.ACCOUNT_CONFIRM_PASSWORD_CLIENT_URL.format(
key=token_generator.make_token(user),
uid=rest_encode_user_pk(user))
email = mail.outbox[0]
assert user.email in email.to
assert reset_url in email.body
def test_confirm_invalid_password(self, user):
client = APIClient()
uid = rest_encode_user_pk(user)
token_key = get_adapter().default_token_generator.make_token(user)
test_data = {
"new_password1": "password",
"new_password2": "password",
"uid": uid,
"token": token_key,
}
INVALID_PASSWORD_ERROR_RESPONSE = {
"errors": {
"new_password2": ["The password must not be weak."]
}
}
response = client.post(self.reset_confirm_url, test_data)
assert status.is_client_error(response.status_code)
assert response.json() == INVALID_PASSWORD_ERROR_RESPONSE
def test_password_verify_reset_returns_user(self, user):
"""
tests that resetting the password returns UserSerializerLite
in the response
"""
password = generate_password()
token_key = get_adapter().default_token_generator.make_token(user)
uid = rest_encode_user_pk(user)
url = reverse("rest_password_reset_confirm")
client = APIClient()
data = {
"new_password1": password,
"new_password2": password,
"uid": uid,
"token": token_key,
}
response = client.post(url, data)
content = response.json()
assert status.is_success(response.status_code)
assert content["user"]["email"] == user.email
def test_confirm_invalid_key(self, user):
client = APIClient()
password = generate_password()
token_key = get_adapter().default_token_generator.make_token(user)
uid = rest_encode_user_pk(user)
test_data = {
"new_password1": password,
"new_password2": password,
"uid": uid,
"token": shuffle_string(token_key),
}
INVALID_KEY_ERROR_RESPONSE = {
"errors": {
"token": ["The link is broken or expired."]
}
}
response = client.post(self.reset_confirm_url, test_data)
assert status.is_client_error(response.status_code)
assert response.json() == INVALID_KEY_ERROR_RESPONSE
def test_user_encoding_and_decoding(user):
encoded_uid = rest_encode_user_pk(user)
decoded_uid = rest_decode_user_pk(encoded_uid)
assert encoded_uid != str(user.pk)
assert decoded_uid == str(user.pk)