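def test_send_reset_password_email(data_fixture, mailoutbox):
    """Send a reset e-mail and check that its link carries a valid token.

    The token is read from the HTML alternative of the outgoing message and
    must decode, with the handler's own signer, to the id of the user the
    mail was sent for.
    """
    user = data_fixture.create_user(email='test@localhost')
    handler = UserHandler()

    signer = handler.get_reset_password_signer()
    handler.send_reset_password_email(user, 'http://localhost/reset-password')

    # Exactly one message, addressed to the requesting user only.
    assert len(mailoutbox) == 1
    email = mailoutbox[0]

    assert email.subject == 'Reset password'
    assert email.from_email == 'no-reply@localhost'
    assert 'test@localhost' in email.to

    html_body = email.alternatives[0][0]
    search_url = 'http://localhost/reset-password/'
    # find() reports a miss as -1. index() would raise ValueError instead,
    # which left the assertion below with nothing it could ever catch.
    start_url_index = html_body.find(search_url)

    assert start_url_index != -1

    # The token is the text between the URL prefix and the next double quote.
    end_url_index = html_body.index('"', start_url_index)
    token = html_body[start_url_index + len(search_url):end_url_index]

    # Round-trip through the handler's signer: the embedded token must decode
    # to this user's id and nothing else.
    user_id = signer.loads(token)
    assert user_id == user.id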
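def test_reset_password(data_fixture):
    """Run reset_password with a forged, unknown-user, expired and valid token.

    Every rejected attempt must raise its specific exception and leave the
    stored password untouched; only the valid, unexpired token may set it.
    """
    user = data_fixture.create_user(email='test@localhost')
    handler = UserHandler()

    signer = handler.get_reset_password_signer()

    # A string that was never signed must be refused. The password check sits
    # after the raises block: a statement placed behind the raising call
    # inside the block is never executed.
    with pytest.raises(BadSignature):
        handler.reset_password('test', 'test')
    # assumes the fixture's initial password is not 'test' — TODO confirm
    user.refresh_from_db()
    assert not user.check_password('test')

    # A correctly signed token for a user id that does not exist.
    with freeze_time('2020-01-01 12:00'):
        token = signer.dumps(9999)

    with freeze_time('2020-01-02 12:00'):
        with pytest.raises(UserNotFound):
            handler.reset_password(token, 'test')
        user.refresh_from_db()
        assert not user.check_password('test')

    # A token for the real user, presented three days after it was signed.
    with freeze_time('2020-01-01 12:00'):
        token = signer.dumps(user.id)

    with freeze_time('2020-01-04 12:00'):
        with pytest.raises(SignatureExpired):
            handler.reset_password(token, 'test')
        user.refresh_from_db()
        assert not user.check_password('test')

    # The same token one day after signing is accepted and sets the password.
    with freeze_time('2020-01-02 12:00'):
        user = handler.reset_password(token, 'test')
        assert user.check_password('test')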
def test_send_reset_password_email(data_fixture, mailoutbox):
    """Check the base-URL hostname guard and the token in the reset e-mail.

    NOTE(review): this listing looks truncated or masked between the second
    send_reset_password_email call and the ``email.to`` assertion: the call
    is never closed and ``email`` is never assigned, so the function does
    not parse as shown.
    """
    user = data_fixture.create_user(email="test@localhost")
    handler = UserHandler()

    # The base URL of the reset link is supplied by the caller; one on a
    # hostname the handler does not allow (test.nl here) must be rejected
    # with BaseURLHostnameNotAllowed.
    with pytest.raises(BaseURLHostnameNotAllowed):
        handler.send_reset_password_email(user,
                                          "http://test.nl/reset-password")

    # The signer is taken from the handler so the token can be decoded below.
    signer = handler.get_reset_password_signer()
    handler.send_reset_password_email(user,
                                      "http://*****:*****@localhost"
    assert "test@localhost" in email.to

    html_body = email.alternatives[0][0]
    search_url = "http://localhost:3000/reset-password/"
    start_url_index = html_body.index(search_url)

    # NOTE(review): if html_body is a str, index() raises ValueError on a miss
    # and never returns -1, so this assertion cannot fail.
    assert start_url_index != -1

    # The token is the text between the URL prefix and the next double quote.
    end_url_index = html_body.index('"', start_url_index)
    token = html_body[start_url_index + len(search_url):end_url_index]

    # The embedded token must decode to the id of the user the mail is for.
    user_id = signer.loads(token)
    assert user_id == user.id
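def test_password_reset(data_fixture, client):
    """Drive the reset-password endpoint through its failure and success paths.

    Covered in order: empty body, unsigned token, expired token, signed token
    for an unknown user id, and finally a valid token, which must return 204
    and change the stored password.
    """
    user = data_fixture.create_user(email='test@localhost')
    handler = UserHandler()
    signer = handler.get_reset_password_signer()
    url = reverse('api:user:reset_password')
    # The listing shows the posted password masked as '******', which cannot
    # satisfy the final check_password('test'); one value is used throughout.
    new_password = 'test'

    # Missing fields are rejected by request validation.
    response = client.post(url, {}, format='json')
    response_json = response.json()
    assert response.status_code == HTTP_400_BAD_REQUEST
    assert response_json['error'] == 'ERROR_REQUEST_BODY_VALIDATION'

    # A token that was never signed.
    response = client.post(
        url, {'token': 'test', 'password': new_password}, format='json')
    response_json = response.json()
    assert response.status_code == HTTP_400_BAD_REQUEST
    assert response_json['error'] == 'BAD_TOKEN_SIGNATURE'

    # A token for the real user, presented three days after it was signed.
    with freeze_time('2020-01-01 12:00'):
        token = signer.dumps(user.id)

    with freeze_time('2020-01-04 12:00'):
        response = client.post(
            url, {'token': token, 'password': new_password}, format='json')
        response_json = response.json()
        assert response.status_code == HTTP_400_BAD_REQUEST
        assert response_json['error'] == 'EXPIRED_TOKEN_SIGNATURE'

    # A correctly signed, unexpired token for a user id that does not exist.
    with freeze_time('2020-01-01 12:00'):
        token = signer.dumps(9999)

    with freeze_time('2020-01-02 12:00'):
        response = client.post(
            url, {'token': token, 'password': new_password}, format='json')
        response_json = response.json()
        assert response.status_code == HTTP_400_BAD_REQUEST
        assert response_json['error'] == 'ERROR_USER_NOT_FOUND'

    # None of the rejected requests may have touched the stored password.
    # assumes the fixture's initial password differs from new_password
    # — TODO confirm
    user.refresh_from_db()
    assert not user.check_password(new_password)

    # The valid token one day after signing is accepted.
    with freeze_time('2020-01-01 12:00'):
        token = signer.dumps(user.id)

    with freeze_time('2020-01-02 12:00'):
        response = client.post(
            url, {'token': token, 'password': new_password}, format='json')
        assert response.status_code == 204

    # Reload from the database so the check sees what the endpoint stored.
    user.refresh_from_db()
    assert user.check_password(new_password)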
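def test_password_reset(data_fixture, client):
    """Drive the reset-password endpoint through its failure and success paths.

    Covered in order: empty body, unsigned token, expired token, signed token
    for an unknown user id, and finally a valid token, which must return 204
    and change the stored password.
    """
    user = data_fixture.create_user(email="test@localhost")
    handler = UserHandler()
    signer = handler.get_reset_password_signer()
    url = reverse("api:user:reset_password")
    # The listing shows the posted password masked as "******", which cannot
    # satisfy the final check_password("test"); one value is used throughout.
    new_password = "test"

    def post_reset(token):
        """POST a reset request carrying *token* and the new password."""
        return client.post(
            url,
            {"token": token, "password": new_password},
            format="json",
        )

    # Missing fields are rejected by request validation.
    response = client.post(url, {}, format="json")
    response_json = response.json()
    assert response.status_code == HTTP_400_BAD_REQUEST
    assert response_json["error"] == "ERROR_REQUEST_BODY_VALIDATION"

    # A token that was never signed.
    response = post_reset("test")
    response_json = response.json()
    assert response.status_code == HTTP_400_BAD_REQUEST
    assert response_json["error"] == "BAD_TOKEN_SIGNATURE"

    # A token for the real user, presented three days after it was signed.
    with freeze_time("2020-01-01 12:00"):
        token = signer.dumps(user.id)

    with freeze_time("2020-01-04 12:00"):
        response = post_reset(token)
        response_json = response.json()
        assert response.status_code == HTTP_400_BAD_REQUEST
        assert response_json["error"] == "EXPIRED_TOKEN_SIGNATURE"

    # A correctly signed, unexpired token for a user id that does not exist.
    with freeze_time("2020-01-01 12:00"):
        token = signer.dumps(9999)

    with freeze_time("2020-01-02 12:00"):
        response = post_reset(token)
        response_json = response.json()
        assert response.status_code == HTTP_400_BAD_REQUEST
        assert response_json["error"] == "ERROR_USER_NOT_FOUND"

    # None of the rejected requests may have touched the stored password.
    # assumes the fixture's initial password differs from new_password
    # — TODO confirm
    user.refresh_from_db()
    assert not user.check_password(new_password)

    # The valid token one day after signing is accepted.
    with freeze_time("2020-01-01 12:00"):
        token = signer.dumps(user.id)

    with freeze_time("2020-01-02 12:00"):
        response = post_reset(token)
        assert response.status_code == 204

    # Reload from the database so the check sees what the endpoint stored.
    user.refresh_from_db()
    assert user.check_password(new_password)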