Beispiel #1
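    def test_reset_email(self, app, user_class, db, tmpdir):
        """
        Verify the email-based password reset flow end to end.

        Three things are checked: a request for an address with no matching
        user raises MissingUserError and records no outgoing mail, a request
        for a known user produces a message whose body carries the reset
        token, and that token is accepted both by extract_jwt_token (as a
        reset-type token) and by validate_reset_token (resolving to the same
        user). Token expiry is not exercised here.
        """
        template = """
            <!doctype html>
            <html>
              <head><title>Reset Password</title></head>
              <body>{{ token }}</body>
            </html>
        """
        template_file = tmpdir.join('test_template.html')
        template_file.write(template)

        app.config['TESTING'] = True
        app.config['PRAETORIAN_EMAIL_TEMPLATE'] = str(template_file)
        app.config['PRAETORIAN_RESET_ENDPOINT'] = 'unprotected'

        default_guard = Praetorian(app, user_class)

        # create our default test user
        the_dude = user_class(username='******')
        db.session.add(the_dude)
        db.session.commit()

        with app.mail.record_messages() as outbox:
            # An address with no matching user must be rejected.
            # NOTE(review): the distinct MissingUserError tells the caller
            # whether an account exists; an HTTP endpoint wrapping this call
            # should presumably answer identically in both cases -- confirm.
            with pytest.raises(MissingUserError):
                default_guard.send_reset_email(
                    email='*****@*****.**',
                    reset_sender='*****@*****.**',
                )
            # a rejected request must not have queued any mail
            assert len(outbox) == 0

            # test a good username
            notify = default_guard.send_reset_email(
                email=the_dude.username,
                reset_sender='*****@*****.**',
            )
            # NOTE(review): notify['token'] is the raw reset token; a caller
            # that hands this dict back to the requester would skip the
            # mailbox check -- confirm callers discard it.
            token = notify['token']

            # exactly one message, and it is the one we were told about
            assert len(outbox) == 1
            assert token in notify['message']
            assert notify['message'] == outbox[0].html

            # 'result' is expected to be falsy; presumably it is whatever the
            # mail backend's send returned -- TODO confirm
            assert not notify['result']

        # the token must decode as a reset-type token...
        jwt_data = default_guard.extract_jwt_token(
            token,
            access_type=AccessType.reset,
        )
        assert jwt_data[IS_RESET_TOKEN_CLAIM]

        # ...and must resolve back to the user it was issued for
        validated_user = default_guard.validate_reset_token(token)
        assert validated_user == the_dude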
Beispiel #2
    def test_registration_email(self, app, user_class, db, tmpdir):
        """
        Exercise the email-based registration (confirmation) flow.

        A confirmation message is sent for a freshly created user. The test
        checks that the rendered body contains the issued token, that the
        body equals what flask_mail recorded, and that the token decodes as
        a registration-type JWT. Token expiry is not exercised here.
        """
        html_template = """
            <!doctype html>
            <html>
              <head><title>Email Verification</title></head>
              <body>{{ token }}</body>
            </html>
        """
        template_path = tmpdir.join('test_template.html')
        template_path.write(html_template)

        app.config['TESTING'] = True
        app.config['PRAETORIAN_EMAIL_TEMPLATE'] = str(template_path)
        app.config['PRAETORIAN_CONFIRMATION_ENDPOINT'] = 'unprotected'

        guard = Praetorian(app, user_class)

        # persist the user the confirmation mail is issued for
        new_user = user_class(username='******')
        db.session.add(new_user)
        db.session.commit()

        with app.mail.record_messages() as sent_mail:
            outcome = guard.send_registration_email(
                '*****@*****.**',
                user=new_user,
                confirmation_sender='*****@*****.**',
            )
            token = outcome['token']
            body = outcome['message']

            # the returned body must carry the token and match the recorded mail
            assert token in body
            assert body == sent_mail[0].html

            assert not outcome['result']

        # the issued token must decode as a registration-type token
        claims = guard.extract_jwt_token(
            token,
            access_type=AccessType.register,
        )
        assert claims[IS_REGISTRATION_TOKEN_CLAIM]