def test_stale_records_get_deleted_when_function_is_called():
token_store = []
for i in range(20):
user_name = "testPrepare%d" % (i, )
email_addr = "*****@*****.**" % (i, )
user_id = db_utils.create_user(email_addr=email_addr,
username=user_name)
form_for_request = Bag(email=email_addr,
username=user_name,
day=arrow.now().day,
month=arrow.now().month,
year=arrow.now().year)
resetpassword.request(form_for_request)
pw_reset_token = d.engine.scalar(
"SELECT token FROM forgotpassword WHERE userid = %(id)s",
id=user_id)
token_store.append(pw_reset_token)
# All tokens should exist at this point
for i in range(20):
assert resetpassword.checktoken(token_store[i])
# Set 5 tokens to be two hours old (0,5) (7200)
for i in range(0, 5):
d.engine.execute(
"UPDATE forgotpassword SET set_time = %(time)s WHERE token = %(token)s",
time=d.get_time() - 7200,
token=token_store[i])
# Set 5 tokens to be 30 minutes old (5,10) (1800)
for i in range(5, 10):
d.engine.execute(
"UPDATE forgotpassword SET set_time = %(time)s WHERE token = %(token)s",
time=d.get_time() - 1800,
token=token_store[i])
# Set 5 tokens to be 10 minutes old for the last visit time (10,15) (600)
for i in range(10, 15):
d.engine.execute(
"UPDATE forgotpassword SET link_time = %(time)s WHERE token = %(token)s",
time=d.get_time() - 600,
token=token_store[i])
# Set 5 tokens to be 2 minutes old for the last visit time (10,15) (120)
for i in range(15, 20):
d.engine.execute(
"UPDATE forgotpassword SET link_time = %(time)s WHERE token = %(token)s",
time=d.get_time() - 120,
token=token_store[i])
# This should clear all tokens >1hr old, and all tokens >5 minutes from last visit (10 total)
resetpassword.prepare('foo')
# This range should be cleared (set_time > 3600)
for i in range(0, 5):
assert not resetpassword.checktoken(token_store[i])
# This range should still be present (set_time < 3600)
for i in range(5, 10):
assert resetpassword.checktoken(token_store[i])
# This range should be cleared (link_time > 300)
for i in range(10, 15):
assert not resetpassword.checktoken(token_store[i])
# This range should still be present (link_time < 300)
for i in range(15, 20):
assert resetpassword.checktoken(token_store[i])
def test_verify_success_if_valid_information_provided():
email_addr = "*****@*****.**"
user_id = db_utils.create_user(email_addr=email_addr)
form = Bag(email=email_addr)
resetpassword.request(form)
pw_reset_token = d.engine.scalar(
"SELECT token FROM forgotpassword WHERE userid = %(id)s", id=user_id)
assert 100 == len(pw_reset_token)
assert resetpassword.checktoken(pw_reset_token)
def test_stale_records_get_deleted_when_function_is_called():
token_store = []
for i in range(20):
user_name = "testPrepare%d" % (i,)
email_addr = "*****@*****.**" % (i,)
user_id = db_utils.create_user(email_addr=email_addr, username=user_name)
form_for_request = Bag(email=email_addr, username=user_name, day=arrow.now().day,
month=arrow.now().month, year=arrow.now().year)
resetpassword.request(form_for_request)
pw_reset_token = d.engine.scalar("SELECT token FROM forgotpassword WHERE userid = %(id)s", id=user_id)
token_store.append(pw_reset_token)
# All tokens should exist at this point
for i in range(20):
assert resetpassword.checktoken(token_store[i])
# Set 5 tokens to be two hours old (0,5) (7200)
for i in range(0, 5):
d.engine.execute("UPDATE forgotpassword SET set_time = %(time)s WHERE token = %(token)s",
time=d.get_time() - 7200, token=token_store[i])
# Set 5 tokens to be 30 minutes old (5,10) (1800)
for i in range(5, 10):
d.engine.execute("UPDATE forgotpassword SET set_time = %(time)s WHERE token = %(token)s",
time=d.get_time() - 1800, token=token_store[i])
# Set 5 tokens to be 10 minutes old for the last visit time (10,15) (600)
for i in range(10, 15):
d.engine.execute("UPDATE forgotpassword SET link_time = %(time)s WHERE token = %(token)s",
time=d.get_time() - 600, token=token_store[i])
# Set 5 tokens to be 2 minutes old for the last visit time (10,15) (120)
for i in range(15, 20):
d.engine.execute("UPDATE forgotpassword SET link_time = %(time)s WHERE token = %(token)s",
time=d.get_time() - 120, token=token_store[i])
# This should clear all tokens >1hr old, and all tokens >5 minutes from last visit (10 total)
resetpassword.prepare('foo')
# This range should be cleared (set_time > 3600)
for i in range(0, 5):
assert not resetpassword.checktoken(token_store[i])
# This range should still be present (set_time < 3600)
for i in range(5, 10):
assert resetpassword.checktoken(token_store[i])
# This range should be cleared (link_time > 300)
for i in range(10, 15):
assert not resetpassword.checktoken(token_store[i])
# This range should still be present (link_time < 300)
for i in range(15, 20):
assert resetpassword.checktoken(token_store[i])
def test_verify_success_if_valid_information_provided():
user_name = "test"
email_addr = "*****@*****.**"
user_id = db_utils.create_user(email_addr=email_addr, username=user_name)
form = Bag(email=email_addr, username=user_name, day=arrow.now().day,
month=arrow.now().month, year=arrow.now().year)
resetpassword.request(form)
pw_reset_token = d.engine.scalar("SELECT token FROM forgotpassword WHERE userid = %(id)s", id=user_id)
assert 100 == len(pw_reset_token)
assert resetpassword.checktoken(pw_reset_token)
def resetpassword_get_(request):
form = request.web_input(token="")
if not resetpassword.checktoken(form.token):
return Response(define.errorpage(
request.userid,
"This link does not appear to be valid. If you followed this link from your email, it may have expired."))
resetpassword.prepare(form.token)
return Response(define.webpage(request.userid, "etc/resetpassword.html", [form.token], title="Reset Forgotten Password"))
def test_true_returned_if_token_exists():
user_id = db_utils.create_user(username='******')
token = "testtokentesttokentesttokentesttokentesttokentesttokentesttokentesttokentesttokentesttokentest000001"
d.engine.execute(d.meta.tables["forgotpassword"].insert(), {
"userid": user_id,
"token": token,
"set_time": d.get_time(),
"link_time": 0,
"address": d.get_address(),
})
assert resetpassword.checktoken(token)
def GET(self):
form = web.input(token="")
if not resetpassword.checktoken(form.token):
return define.errorpage(
self.user_id,
"This link does not appear to be valid. If you followed this link from your email, it may have expired.")
resetpassword.prepare(form.token)
return define.webpage(self.user_id, template.etc_resetpassword, [form.token])
def resetpassword_get_(request):
form = request.web_input(token="")
if not resetpassword.checktoken(form.token):
return Response(define.errorpage(
request.userid,
"This link does not appear to be valid. If you followed this link from your email, it may have expired."))
resetpassword.prepare(form.token)
return Response(define.webpage(request.userid, "etc/resetpassword.html", [form.token], title="Reset Forgotten Password"))
def test_true_returned_if_token_exists():
user_id = db_utils.create_user(username='******')
token = "testtokentesttokentesttokentesttokentesttokentesttokentesttokentesttokentesttokentesttokentest000001"
d.engine.execute(d.meta.tables["forgotpassword"].insert(), {
"userid": user_id,
"token": token,
"set_time": d.get_time(),
"link_time": 0,
"address": d.get_address(),
})
assert resetpassword.checktoken(token)
def GET(self):
form = web.input(token="")
if not resetpassword.checktoken(form.token):
return define.errorpage(
self.user_id,
"This link does not appear to be valid. If you followed this link from your email, it may have expired."
)
resetpassword.prepare(form.token)
return define.webpage(self.user_id, template.etc_resetpassword,
[form.token])
def test_verify_success_if_valid_information_provided():
user_name = "test"
email_addr = "*****@*****.**"
user_id = db_utils.create_user(email_addr=email_addr, username=user_name)
form = Bag(email=email_addr,
username=user_name,
day=arrow.now().day,
month=arrow.now().month,
year=arrow.now().year)
resetpassword.request(form)
pw_reset_token = d.engine.scalar(
"SELECT token FROM forgotpassword WHERE userid = %(id)s", id=user_id)
assert 100 == len(pw_reset_token)
assert resetpassword.checktoken(pw_reset_token)
def test_false_returned_if_token_does_not_exist():
token = "testtokentesttokentesttokentesttokentesttokentesttokentesttokentesttokentesttokentesttokentest000000"
assert not resetpassword.checktoken(token)
def test_false_returned_if_token_does_not_exist():
token = "testtokentesttokentesttokentesttokentesttokentesttokentesttokentesttokentesttokentesttokentest000000"
assert not resetpassword.checktoken(token)
