def test_forgot_password_creates_no_activations_when_validation_fails(activation_model):
request = DummyRequest(method='POST')
controller = ForgotPasswordController(request)
controller.form = invalid_form()
controller.forgot_password()
assert activation_model.call_count == 0
def test_forgot_password_returns_form_when_validation_fails():
request = DummyRequest(method='POST')
controller = ForgotPasswordController(request)
controller.form = invalid_form()
result = controller.forgot_password()
assert result == {'form': 'invalid form'}
def test_forgot_password_returns_form_when_validation_fails(authn_policy):
request = DummyRequest(method='POST')
authn_policy.authenticated_userid.return_value = None
controller = ForgotPasswordController(request)
controller.form = invalid_form()
result = controller.forgot_password()
assert result == {'form': 'invalid form'}
def test_forgot_password_returns_form_when_validation_fails(authn_policy):
request = DummyRequest(method='POST')
authn_policy.authenticated_userid.return_value = None
controller = ForgotPasswordController(request)
controller.form = invalid_form()
result = controller.forgot_password()
assert result == {'form': 'invalid form'}
def test_forgot_password_creates_no_activations_when_validation_fails(activation_model,
authn_policy):
request = DummyRequest(method='POST')
authn_policy.authenticated_userid.return_value = None
controller = ForgotPasswordController(request)
controller.form = invalid_form()
controller.forgot_password()
assert activation_model.call_count == 0
def test_forgot_password_redirects_on_success(authn_policy):
request = DummyRequest(method='POST')
authn_policy.authenticated_userid.return_value = None
user = FakeUser(username='******', email='*****@*****.**')
controller = ForgotPasswordController(request)
controller.form = form_validating_to({"user": user})
result = controller.forgot_password()
assert isinstance(result, httpexceptions.HTTPRedirection)
def test_forgot_password_creates_no_activations_when_validation_fails(activation_model,
authn_policy):
request = DummyRequest(method='POST')
authn_policy.authenticated_userid.return_value = None
controller = ForgotPasswordController(request)
controller.form = invalid_form()
controller.forgot_password()
assert activation_model.call_count == 0
def test_forgot_password_redirects_on_success():
request = DummyRequest(method='POST')
request.registry.password_reset_serializer = FakeSerializer()
user = FakeUser(username='******', email='*****@*****.**')
controller = ForgotPasswordController(request)
controller.form = form_validating_to({"user": user})
result = controller.forgot_password()
assert isinstance(result, httpexceptions.HTTPRedirection)
def test_forgot_password_generates_reset_link(reset_link):
request = DummyRequest(method='POST')
request.registry.password_reset_serializer = FakeSerializer()
user = FakeUser(username='******', email='*****@*****.**')
controller = ForgotPasswordController(request)
controller.form = form_validating_to({"user": user})
controller.forgot_password()
reset_link.assert_called_with(request, "faketoken")
def test_forgot_password_sends_mail(reset_mail, authn_policy, mailer):
request = DummyRequest(method='POST')
authn_policy.authenticated_userid.return_value = None
user = FakeUser(username='******', email='*****@*****.**')
controller = ForgotPasswordController(request)
controller.form = form_validating_to({"user": user})
message = reset_mail.return_value
controller.forgot_password()
assert message in mailer.outbox
def test_forgot_password_generates_reset_link_from_activation(reset_link,
activation_model,
authn_policy):
request = DummyRequest(method='POST')
authn_policy.authenticated_userid.return_value = None
user = FakeUser(username='******', email='*****@*****.**')
controller = ForgotPasswordController(request)
controller.form = form_validating_to({"user": user})
activation_model.return_value.code = "abcde12345"
controller.forgot_password()
reset_link.assert_called_with(request, "abcde12345")
def test_forgot_password_creates_activation_for_user(activation_model,
authn_policy):
request = DummyRequest(method='POST')
authn_policy.authenticated_userid.return_value = None
activation = activation_model.return_value
user = FakeUser(username='******', email='*****@*****.**')
controller = ForgotPasswordController(request)
controller.form = form_validating_to({"user": user})
controller.forgot_password()
activation_model.assert_called_with()
assert activation in request.db.added
assert user.activation == activation
def test_forgot_password_generates_mail(reset_link,
reset_mail,
activation_model,
authn_policy):
request = DummyRequest(method='POST')
request.registry.password_reset_serializer = FakeSerializer()
authn_policy.authenticated_userid.return_value = None
user = FakeUser(username='******', email='*****@*****.**')
controller = ForgotPasswordController(request)
controller.form = form_validating_to({"user": user})
reset_link.return_value = "http://example.com"
controller.forgot_password()
reset_mail.assert_called_with(user, "faketoken", "http://example.com")
def test_reset_password_redirects_on_success(form_validator):
request = DummyRequest(method='POST', matchdict={'code': 'abc123'})
form_validator.return_value = (None, {"password": "******"})
result = ForgotPasswordController(request).reset_password()
assert isinstance(result, httpexceptions.HTTPRedirection)
def test_reset_password_not_found_if_user_not_found(user_model):
request = DummyRequest(method='POST', matchdict={'code': 'abc123'})
user_model.get_by_activation.return_value = None
result = ForgotPasswordController(request).reset_password()
assert isinstance(result, httpexceptions.HTTPNotFound)
def test_reset_password_looks_up_code_in_database(activation_model):
request = DummyRequest(method='POST', matchdict={'code': 'abc123'})
activation_model.get_by_code.return_value = None
result = ForgotPasswordController(request).reset_password()
activation_model.get_by_code.assert_called_with('abc123')
def test_reset_password_returns_error_on_error(form_validator):
request = DummyRequest(method='POST', matchdict={'code': 'abc123'})
form_validator.return_value = ({"errors": "KABOOM!"}, None)
result = ForgotPasswordController(request).reset_password()
assert result == {"errors": "KABOOM!"}
def test_forgot_password_form_redirects_when_logged_in(authn_policy):
request = DummyRequest()
authn_policy.authenticated_userid.return_value = "acct:[email protected]"
result = ForgotPasswordController(request).forgot_password_form()
assert isinstance(result, httpexceptions.HTTPFound)
def test_reset_password_deletes_activation(activation_model, form_validator):
request = DummyRequest(method='POST', matchdict={'code': 'abc123'})
form_validator.return_value = (None, {"password": "******"})
activation = activation_model.get_by_code.return_value
ForgotPasswordController(request).reset_password()
assert activation in request.db.deleted
def test_forgot_password_redirects_on_success(authn_policy, form_validator):
request = DummyRequest(method='POST')
authn_policy.authenticated_userid.return_value = None
form_validator.return_value = (None, {"email": "*****@*****.**"})
result = ForgotPasswordController(request).forgot_password()
assert isinstance(result, httpexceptions.HTTPRedirection)
def test_forgot_password_generates_mail(reset_link,
reset_mail,
activation_model):
request = DummyRequest(method='POST')
request.registry.password_reset_serializer = FakeSerializer()
user = FakeUser(username='******', email='*****@*****.**')
controller = ForgotPasswordController(request)
controller.form = form_validating_to({"user": user})
reset_link.return_value = "http://example.com"
reset_mail.return_value = {
'recipients': [],
'subject': '',
'body': ''
}
controller.forgot_password()
reset_mail.assert_called_with(user, "faketoken", "http://example.com")
def test_forgot_password_returns_error_when_validation_fails(
authn_policy, form_validator):
request = DummyRequest(method='POST')
authn_policy.authenticated_userid.return_value = None
form_validator.return_value = ({"errors": "KABOOM!"}, None)
result = ForgotPasswordController(request).forgot_password()
assert result == {"errors": "KABOOM!"}
def test_reset_password_emits_event(event, form_validator, notify, user_model):
request = DummyRequest(method='POST', matchdict={'code': 'abc123'})
form_validator.return_value = (None, {"password": "******"})
elephant = FakeUser(password='******')
user_model.get_by_activation.return_value = elephant
ForgotPasswordController(request).reset_password()
event.assert_called_with(request, elephant)
notify.assert_called_with(event.return_value)
def test_reset_password_sets_user_password_from_form(form_validator,
user_model):
request = DummyRequest(method='POST', matchdict={'code': 'abc123'})
form_validator.return_value = (None, {"password": "******"})
elephant = FakeUser(password='******')
user_model.get_by_activation.return_value = elephant
ForgotPasswordController(request).reset_password()
assert elephant.password == 's3cure!'
def test_forgot_password_fetches_user_by_form_email(authn_policy,
form_validator,
user_model):
request = DummyRequest(method='POST')
authn_policy.authenticated_userid.return_value = None
form_validator.return_value = (None, {"email": "*****@*****.**"})
ForgotPasswordController(request).forgot_password()
user_model.get_by_email.assert_called_with("*****@*****.**")
def test_forgot_password_generates_reset_link_from_activation(
reset_link, activation_model, authn_policy, form_validator):
request = DummyRequest(method='POST')
authn_policy.authenticated_userid.return_value = None
form_validator.return_value = (None, {"email": "*****@*****.**"})
activation_model.return_value.code = "abcde12345"
ForgotPasswordController(request).forgot_password()
reset_link.assert_called_with(request, "abcde12345")
def test_forgot_password_sends_mail(reset_mail, mailer):
request = DummyRequest(method='POST')
request.registry.password_reset_serializer = FakeSerializer()
user = FakeUser(username='******', email='*****@*****.**')
controller = ForgotPasswordController(request)
controller.form = form_validating_to({"user": user})
message = reset_mail.return_value
reset_mail.return_value = {
'recipients': ['*****@*****.**'],
'subject': 'subject',
'body': 'body'
}
controller.forgot_password()
mailer.send.assert_called_once_with(request,
recipients=['*****@*****.**'],
subject='subject',
body='body')
def test_forgot_password_sends_mail(reset_mail, authn_policy, mailer,
form_validator):
request = DummyRequest(method='POST')
authn_policy.authenticated_userid.return_value = None
form_validator.return_value = (None, {"email": "*****@*****.**"})
message = reset_mail.return_value
ForgotPasswordController(request).forgot_password()
assert message in mailer.outbox
def test_forgot_password_generates_mail(reset_link, reset_mail,
activation_model, authn_policy,
form_validator, user_model):
request = DummyRequest(method='POST')
authn_policy.authenticated_userid.return_value = None
form_validator.return_value = (None, {"email": "*****@*****.**"})
activation_model.return_value.code = "abcde12345"
reset_link.return_value = "http://example.com"
giraffe = FakeUser()
user_model.get_by_email.return_value = giraffe
ForgotPasswordController(request).forgot_password()
reset_mail.assert_called_with(giraffe, "abcde12345", "http://example.com")
def test_forgot_password_creates_activation_for_user(activation_model,
authn_policy,
form_validator,
user_model):
request = DummyRequest(method='POST')
authn_policy.authenticated_userid.return_value = None
form_validator.return_value = (None, {"email": "*****@*****.**"})
ForgotPasswordController(request).forgot_password()
user = user_model.get_by_email.return_value
activation = activation_model.return_value
activation_model.assert_called_with()
assert activation in request.db.added
assert user.activation == activation
def test_forgot_password_form_redirects_when_logged_in(authn_policy):
request = DummyRequest()
authn_policy.authenticated_userid.return_value = "acct:[email protected]"
with pytest.raises(httpexceptions.HTTPFound):
ForgotPasswordController(request).forgot_password_form()
def test_reset_password_forbids_GET():
request = DummyRequest(matchdict={'code': 'abc123'})
result = ForgotPasswordController(request).reset_password()
assert isinstance(result, httpexceptions.HTTPMethodNotAllowed)
def test_reset_password_not_found_if_code_missing():
request = DummyRequest(method='POST')
result = ForgotPasswordController(request).reset_password()
assert isinstance(result, httpexceptions.HTTPNotFound)