def _assert_response_is_bad_password(request, expected_error_message):
assert_response_is_bad_request(request)
assert isinstance(request.data, dict)
assert 'password' in request.data
password_errors = request.data['password']
assert len(password_errors) == 1
error_message = password_errors[0]
assert error_message == expected_error_message
def test_when_deprecated_login_serializer_and_invalid_creds_then_failure(
settings_minimal, user, api_view_provider, api_factory):
request = api_factory.create_post_request({
'login': '******',
'password': '******',
})
api_factory.add_session_to_request(request)
response = api_view_provider.view_func(request)
assert_response_is_bad_request(response)
def test_invalid_non_field_errors(settings_minimal, user, password_change,
api_view_provider, api_factory):
request = api_factory.create_post_request({
'login': user.username,
'password': "******",
})
api_factory.add_session_to_request(request)
response = api_view_provider.view_func(request)
assert "non_field_errors" in response.data
assert_response_is_bad_request(response)
def test_when_password_same_as_username_then_failure(
settings_with_reset_password_verification, user, user_signed_data,
old_password, api_view_provider, api_factory):
user_signed_data['password'] = user.username
request = api_factory.create_post_request(user_signed_data)
response = api_view_provider.view_func(request)
assert_response_is_bad_request(response)
user.refresh_from_db()
assert user.check_password(old_password)
def test_when_confirm_enabled_and_no_password_confirm_field_then_failure(
settings_with_reset_password_verification, user, user_signed_data,
old_password, new_password, api_view_provider, api_factory):
user_signed_data['password'] = new_password
request = api_factory.create_post_request(user_signed_data)
response = api_view_provider.view_func(request)
assert_response_is_bad_request(response)
user.refresh_from_db()
assert user.check_password(old_password)
def test_when_faulty_auth_token_manager_then_login_fails(
settings_minimal, user, password_change, api_view_provider,
api_factory):
password = password_change.old_value
request = api_factory.create_post_request({
'login': user.username,
'password': password,
})
api_factory.add_session_to_request(request)
response = api_view_provider.view_func(request)
assert_response_is_bad_request(response)
def test_when_faulty_auth_token_manager_then_logout_fails(
settings_minimal, user, api_view_provider, api_factory):
Token.objects.get_or_create(user=user)
request = api_factory.create_post_request({
'revoke_token': True,
})
force_authenticate(request, user=user)
api_factory.add_session_to_request(request)
response = api_view_provider.view_func(request)
assert_response_is_bad_request(response)
assert response.data['detail'] == 'Authentication token cannot be revoked'
def test_register_email_fail_email_already_used(
settings_with_simple_email_based_user, user, api_view_provider,
api_factory):
request = api_factory.create_post_request({
'email': user.email,
})
force_authenticate(request, user=user)
with capture_sent_emails() as sent_emails:
response = api_view_provider.view_func(request)
assert_no_email_sent(sent_emails)
assert_response_is_bad_request(response)
assert "detail" in response.data
def test_when_confirm_enabled_and_no_password_confirm_field_then_reset_password_fails( # noqa: E501
settings_with_reset_password_verification, user, password_change,
api_view_provider, api_factory):
old_password = password_change.old_value
new_password = password_change.new_value
signer = ResetPasswordSigner({'user_id': user.pk})
data = signer.get_signed_data()
data['password'] = new_password
request = api_factory.create_post_request(data)
response = api_view_provider.view_func(request)
assert_response_is_bad_request(response)
user.refresh_from_db()
assert user.check_password(old_password)
