def test_reset_password_bad_password(app, user):
assert services.request_password_reset(user)
reset_token = user.reset_token
with pytest.raises(ValueError):
services.reset_password(user, "tooshort", user.reset_token)
# and the token can be used again:
assert user.reset_token == reset_token
def test_reset_password(app, user):
# Given: user with matching reset_token and password
assert services.request_password_reset(user)
services.reset_password(user, A_PASSWORD, user.reset_token)
# Then: the user's password is updated and the reset_token cannot be reused.
assert utils.verify_hash(A_PASSWORD, user.password_hash,
user.password_salt)
assert user.reset_token == ""
def test_reset_password_expired_token(app, user):
# Given: user with matching reset_token and password
assert services.request_password_reset(user)
# Then: no update b/c the reset_token is expired
with freeze_time(datetime.utcnow() +
timedelta(hours=services.RESET_TOKEN_EXPIRATION_HOURS +
1)), pytest.raises(ValueError):
services.reset_password(user, A_PASSWORD, user.reset_token)
utils.verify_hash(A_PASSWORD, user.password_hash, user.password_salt)
def test_request_password_reset_email_down(app, organization, monkeypatch):
# Given: existing user, matching password
user = services.create_user(USER1_EMAIL, A_PASSWORD, A_FIRST, A_LAST)
db.session.add(user)
db.session.commit()
driver_mock = Mock()
driver_mock.send_password_reset_email.return_value = False
monkeypatch.setattr(services.mail, "make_driver", lambda: driver_mock)
# Then: the user's reset_token is updated, and an email is sent.
assert not services.request_password_reset(user)
driver_mock.send_password_reset_email.assert_called_once()
def test_request_password_reset(app, organization, monkeypatch):
# Given: existing user, matching password
user = services.create_user(USER1_EMAIL, A_PASSWORD, A_FIRST, A_LAST)
db.session.add(user)
db.session.commit()
driver_mock = Mock()
monkeypatch.setattr(services.mail, "make_driver", lambda: driver_mock)
# Then: the user's reset_token is updated, and an email is sent.
original_reset_token = user.reset_token
assert services.request_password_reset(user)
driver_mock.send_password_reset_email.assert_called_once()
assert driver_mock.mock_calls[0][1][0].id == user.id
assert user.reset_token != original_reset_token
assert user.reset_token_expires_at < datetime.utcnow()
def test_reset_password_no_reset_token(app, user, organization):
assert services.request_password_reset(user)
with pytest.raises(ValueError):
services.reset_password(user, A_PASSWORD, "not right")
def test_request_password_reset_bad_user(app):
with pytest.raises(BadRequestError):
services.request_password_reset(None)