def test_auth_passwordreset_reset():
"""
password entered is less than 6 characters long
"""
server_data = Server_data()
email = "*****@*****.**"
auth_register(server_data, email, "abcde123", "Jay", "Chen")
# get the user's full information by email
# reset code should be empty
user_full = server_data.get_user_by_email(email)
old_password = user_full.password
assert user_full.reset_code == ""
# request to set a new password, will get a reset_code
# after request send, user receive a secret reset_code
auth_passwordreset_request(server_data, email)
reset_code = user_full.reset_code
assert reset_code != ""
# reset the password by using valid code
auth_passwordreset_reset(server_data, reset_code, "1234abc")
# check if the password has change to the new one
new_password = user_full.password
assert new_password != old_password
def test_auth_passwordreset_reset_success_whitebox():
clear()
auth_register('*****@*****.**', 'password23s', 'Box', 'White')
for user in data.users:
if user.email == '*****@*****.**':
user.secret_key = '2Djk8'
auth_passwordreset_reset('2Djk8', 'New_3dpassword')
def test_auth_passwordreset_reset_success():
clear()
auth_register('*****@*****.**', 'password', 'Madeline',
'Younes')
auth_passwordreset_request('*****@*****.**')
for user in data.users:
if user.email == '*****@*****.**':
reset_code = user.secret_key
auth_passwordreset_reset(reset_code, 'New_3dpassword')
def auth_passwordreset_reset():
'''
Route that takes in the reset_code and new_password,
checks both parameters are valid and then resets the password for the user.
'''
payload = request.get_json()
reset_code = payload['reset_code']
new_password = payload['new_password']
auth.auth_passwordreset_reset(reset_code, new_password)
return dumps({})
def test_exception_auth_passwordreset_reset():
clear()
user_dict = auth_register("*****@*****.**", "password", "Nate", "Drake")
user_token = user_dict["token"]
auth_logout(user_token)
with pytest.raises(InputError):
auth_passwordreset_reset("99", "password")
def reset_password():
'''
A route to reset a user's password
'''
payload = request.get_json()
if not payload['reset_code'] or not payload['new_password']:
raise RequestError(description="Missing data in request body")
auth_passwordreset_reset(payload['reset_code'], payload['new_password'])
return dumps({})
def test_auth_passwordreset_reset_invalid_reset_code():
'''
This is a test to ensure that the test fails due to the user
inputting an invalid reset_code.
'''
other.clear()
auth_register("*****@*****.**", "abcd1081$#", "John", "Smith")
auth_passwordreset_request("*****@*****.**")
with pytest.raises(InputError):
auth_passwordreset_reset(10, "abcd1234$")
def test_auth_passwordreset_reset_invalid_reset_code_manyuser():
clear()
auth_register('*****@*****.**', 'password1', 'Test1', 'User')
auth_register('*****@*****.**', 'password2', 'Test2', 'User')
auth_register('*****@*****.**', 'password3', 'Test3', 'User')
auth_register('*****@*****.**', 'password4', 'Test4', 'User')
auth_register('*****@*****.**', 'password5', 'Test5', 'User')
auth_passwordreset_request('*****@*****.**')
auth_passwordreset_request('*****@*****.**')
auth_passwordreset_request('*****@*****.**')
with pytest.raises(InputError):
auth_passwordreset_reset('incorrect_code', 'newpassword')
def test_incorrect_code_unsuccessful_reset():
"""
Tests unsuccessful uses of passwordreset_reset,
focusing on incorrect codes
"""
user1 = auth.auth_register('*****@*****.**', 'grobin?', 'Whedon', 'Gad')
auth.auth_logout(user1['token'])
auth.auth_passwordreset_request('*****@*****.**')
with pytest.raises(InputError):
assert auth.auth_passwordreset_reset('invalid_code', 'plsdontwork')
assert auth.auth_passwordreset_reset('another_invalid_code',
'good night')
other.clear()
def test_auth_password_reset_test():
clear()
#resgistering user to test
auth_register('*****@*****.**', '123abc!@#', 'Hayden', 'Everest',
None)
#requesting a password reset
auth_passwordreset_request('*****@*****.**')
for user in users:
if user['u_id'] == 1:
reset_code = user['reset_code']
break
with pytest.raises(InputError):
#raise error if incorrect code
auth_passwordreset_reset('12345', 'Agoodpassowrd')
#raise error if bad bassword
auth_passwordreset_reset(reset_code, 'bad')
#raise error if both incorrect
auth_passwordreset_reset('12345', 'bad')
#test correct inputs change passowrd
auth_passwordreset_reset(reset_code, 'Agoodpassowrd')
for user in users:
if user['u_id'] == 1:
assert user['password'] == hashlib.sha256(
'Agoodpassowrd'.encode()).hexdigest()
break
def test_password_reset_invalid_reset_code():
'''reset_code is not a valid reset code'''
clear()
# Valid information has been summitted to register from the first user
auth_register("*****@*****.**", "ihfeh3hgi00d", "Yilang", "W")
# Vadid information has been summitted to register from the second user
auth_register("*****@*****.**", "VukkFs", "Bill", "Gates")
# Vadid information has been summitted to register from the third user
auth_register("*****@*****.**", "RFVtgb45678", "M", "Johnson")
# User 2 send a password reset request
auth_passwordreset_request("*****@*****.**")
# User 2 change the password with reset_code that has only 4 digits
with pytest.raises(InputError):
auth_passwordreset_reset(str(1234), "Qwerty567")
def test_invalid_new_password_unsuccessful_reset():
"""
Tests unsuccessful uses of passwordreset_reset,
focusing on invalid new passwords
"""
user1 = auth.auth_register('*****@*****.**', 'password', 'first',
'last')
auth.auth_logout(user1['token'])
auth.auth_passwordreset_request('*****@*****.**')
time.sleep(2)
code = get_code_from_email()
with pytest.raises(InputError):
assert auth.auth_passwordreset_reset(code, '')
assert auth.auth_passwordreset_reset(code, '12345')
other.clear()
def test_password_reset_wrong_reset_code1():
'''reset_code is not a valid reset code'''
clear()
# Valid information has been summitted to register from the first user
auth_register("*****@*****.**", "ihfeh3hgi00d", "Yilang", "W")
# Vadid information has been summitted to register from the second user
auth_register("*****@*****.**", "VukkFs", "Bill", "Gates")
# Vadid information has been summitted to register from the third user
auth_register("*****@*****.**", "RFVtgb45678", "M", "Johnson")
# User 2 send a password reset request
auth_passwordreset_request("*****@*****.**")
# User 2 change the password with wrong reset_code
reset_code = data['users'][2]['reset_code']
with pytest.raises(InputError):
auth_passwordreset_reset(reset_code, "Qwer7")
def test_password_reset_valid1():
'''Valid password reset by a member of flockr'''
clear()
# Valid information has been summitted to register from the first user
auth_register("*****@*****.**", "ihfeh3hgi00d", "Yilang", "W")
# Vadid information has been summitted to register from the second user
auth_register("*****@*****.**", "VukkFs", "Bill", "Gates")
# Vadid information has been summitted to register from the third user
auth_register("*****@*****.**", "RFVtgb45678", "M", "Johnson")
# User 2 send a password reset request
auth_passwordreset_request("*****@*****.**")
# User 2 change the password
reset_code = data['users'][2]['reset_code']
auth_passwordreset_reset(reset_code, "Qwerty567")
assert data['users'][2]['password'] == password_encode("Qwerty567")
def reset_reset():
"""
Resets user's password using http
"""
data = request.get_json()
code = data['reset_code']
password = data['new_password']
return auth.auth_passwordreset_reset(code, password)
def test_password_reset_invalid_password():
"""
Trigger input error for invalid password.
"""
registered_email = "*****@*****.**"
reset_string = jwt.encode({'email': registered_email},
'changepassword',
algorithm='HS256')
with pytest.raises(InputError):
assert auth_passwordreset_reset(reset_string, "p")
def test_auth_passwordreset_reset_invalid_new_password():
'''
This is a test to ensure that the test fails as a result of
the new_password field not meeting the requirements for a valid password.
'''
other.clear()
test_user = auth_register("*****@*****.**", "abcd1081$#", "John", "Smith")
#auth_passwordreset_request("*****@*****.**")
# call a function to randomly generate the reset_code
auth_passwordreset_request("*****@*****.**")
code = ''
for reset_code in data.reset_codes:
if test_user['u_id'] == reset_code['u_id']:
code = reset_code['reset_code']
with pytest.raises(InputError):
new_password = "******"
auth_passwordreset_reset(code, new_password)
def test_auth_passwordreset_reset_success_case():
'''
This test will be used to check whether or not the user
receives the error_code that was sent out. (This test might be redundant).
'''
other.clear()
test_user = auth_register("*****@*****.**", "abcd1081$#", "John", "Smith")
auth_passwordreset_request("*****@*****.**")
code = ''
for reset_code in data.reset_codes:
if test_user['u_id'] == reset_code['u_id']:
code = reset_code['reset_code']
auth_passwordreset_reset(code, "wxyz1081$#")
auth_logout(test_user['token'])
auth_login("*****@*****.**", "wxyz1081$#")
def test_reset_password_short():
"""
password entered is less than 6 characters long
"""
server_data = Server_data()
email = "*****@*****.**"
auth_register(server_data, email, "abcde123", "Jay", "Chen")
# get the user's full information by email
# reset code should be empty
user_full = server_data.get_user_by_email(email)
assert user_full.reset_code == ""
# request to set a new password, will get a reset_code
# after request send, user receive a secret reset_code
auth_passwordreset_request(server_data, email)
reset_code = user_full.reset_code
assert reset_code != ""
with pytest.raises(InputError):
auth_passwordreset_reset(server_data, reset_code, "abc")
def test_auth_passwordreset_reset_another_user():
'''
Test if another user can also reset their password
'''
other.clear()
auth_register("*****@*****.**", "abcd1081$#", "John", "Smith")
user2 = auth_register("*****@*****.**", "abcd1081$", "Will", "Smith")
auth_passwordreset_request("*****@*****.**")
auth_passwordreset_request("*****@*****.**")
code = ''
for reset_code in data.reset_codes:
if user2['u_id'] == reset_code['u_id']:
code = reset_code['reset_code']
auth_passwordreset_reset(code, "wxyz1081$#")
auth_logout(user2['token'])
auth_login("*****@*****.**", "wxyz1081$#")
def test_password_reset():
"""
Check if password reset works for valid inputs.
"""
registered_email = "*****@*****.**"
return_1 = auth_passwordreset_request(registered_email)
# String sent
reset_string = jwt.encode({'email': registered_email},
'changepassword',
algorithm='HS256')
new_password = "******"
return_2 = auth_passwordreset_reset(reset_string, new_password)
assert return_1 == {} and return_2 == {}
def test_successful_passwordreset_reset():
user1 = auth.auth_register('*****@*****.**', 'thistooksolong', 'one',
'hundred')
auth.auth_logout(user1['token'])
auth.auth_passwordreset_request('*****@*****.**')
time.sleep(2)
code = get_code_from_email()
assert auth.auth_passwordreset_reset(code, 'new_password') == {}
with pytest.raises(InputError):
assert auth.auth_login('*****@*****.**', 'thistooksolong')
user2 = auth.auth_login('*****@*****.**', 'new_password')
assert user1['u_id'] == user2['u_id']
other.clear()
def test_auth_passwordreset_reset_password_not_valid():
clear()
email = "*****@*****.**"
auth_register(email, 'weiqiangpass1', 'Weiqiang1', 'Zhuang1')
auth_passwordreset_request(email)
reset_code = ''
for user in USER_DATA:
if user['email'] == email:
reset_code = user['reset_code']
break
new_pwd = "123"
with pytest.raises(InputError):
assert auth_passwordreset_reset(reset_code, new_pwd)
def http_auth_passwordreset_reset():
"""
http_auth_passwordreset_request
Given a user's email address, create a secret code for reseting the
password and send to his/her email address.
Input:
- (JSON) {reset_code, new_password}
Output:
- (JSON) {}
"""
# Get input and server data
input_data = request.get_json()
server_data = get_server_data_obj()
output_data = auth_passwordreset_reset(server_data,
input_data["reset_code"],
input_data["new_password"])
return dumps(output_data)
def test_auth_passwordreset_reset_code_not_valid():
clear()
with pytest.raises(InputError):
assert auth_passwordreset_reset("invalid_code", "newpassword2")
def test_auth_passwordreset_reset_invalid_password():
clear()
with pytest.raises(InputError):
auth_passwordreset_reset('correct_code', 'z.n')
def test_password_reset_invalid_reset_code():
"""
Trigger input error for invalid reset code.
"""
with pytest.raises(InputError):
assert auth_passwordreset_reset("aslkmdklsamdlka", "password")
def test_auth_passwordreset_reset_invalid_reset_code():
clear()
with pytest.raises(InputError):
auth_passwordreset_reset('incorrect_code', 'newpassword')
def password_reset():
reset_code = request.form.get('reset_code')
new_password = request.form.get('new_password')
auth.auth_passwordreset_reset(reset_code, new_password)
return dumps({})
def auth_passwordreset_reset_http():
data = request.get_json()
return_dict = auth_passwordreset_reset(data["reset_code"],
data["new_password"])
return dumps(return_dict)
